Posted to commits@nifi.apache.org by bb...@apache.org on 2020/09/17 17:05:46 UTC
[nifi] branch support/nifi-1.12.x updated: NIFI-7804 Split nifi-security-utils into sub-module for nifi-security… (#4533)
This is an automated email from the ASF dual-hosted git repository.
bbende pushed a commit to branch support/nifi-1.12.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.12.x by this push:
new 16973d0 NIFI-7804 Split nifi-security-utils into sub-module for nifi-security… (#4533)
16973d0 is described below
commit 16973d059a63c093677fcdeffb6c267d08c6828e
Author: Andy LoPresto <al...@users.noreply.github.com>
AuthorDate: Thu Sep 17 09:52:22 2020 -0700
NIFI-7804 Split nifi-security-utils into sub-module for nifi-security… (#4533)
* NIFI-7804 Split nifi-security-utils into sub-module for nifi-security-utils-api (no external dependencies).
Separated interface and implementation of TlsConfiguration.
Reabsorbed nifi-security-xml-config into nifi-security-utils.
* NIFI-7804 Resolved failing unit test on Java 8.
Removed accidental module dependency.
* NIFI-7804 Resolved failing unit test.
* NIFI-7804 Removed legacy dependency.
* NIFI-7804 Marked nifi-security-utils-api as provided and overrode with compile scope in specific modules which are not children of nifi-standard-services-api-nar.
---
.../main/java/org/apache/nifi/action/Action.java | 5 +-
.../nifi/annotation/behavior/DynamicProperty.java | 1 -
.../annotation/behavior/DynamicRelationship.java | 1 -
.../nifi/annotation/behavior/Restriction.java | 3 +-
.../apache/nifi/annotation/behavior/Stateful.java | 1 -
.../annotation/configuration/DefaultSchedule.java | 9 +-
.../annotation/configuration/DefaultSettings.java | 6 +-
.../documentation/DeprecationNotice.java | 3 +-
.../nifi/annotation/documentation/SeeAlso.java | 1 -
.../nifi/annotation/lifecycle/OnDisabled.java | 1 -
.../nifi/annotation/lifecycle/OnRemoved.java | 1 -
.../nifi/annotation/lifecycle/OnShutdown.java | 1 -
.../nifi/annotation/lifecycle/OnStopped.java | 1 -
.../nifi/components/ConfigurableComponent.java | 1 -
.../apache/nifi/components/PropertyDescriptor.java | 1 -
.../org/apache/nifi/components/PropertyValue.java | 3 +-
.../apache/nifi/components/ValidationContext.java | 5 +-
.../apache/nifi/components/state/StateManager.java | 1 -
.../state/exception/StateTooLargeException.java | 3 +-
.../org/apache/nifi/context/PropertyContext.java | 3 +-
.../nifi/controller/ConfigurationContext.java | 5 +-
.../nifi/controller/status/ProcessGroupStatus.java | 3 +-
.../nifi/controller/status/ProcessorStatus.java | 3 +-
.../documentation/AbstractDocumentationWriter.java | 17 +-
.../ExtensionDocumentationWriter.java | 3 +-
...tionControllerServiceInitializationContext.java | 5 +-
...ocumentationProcessorInitializationContext.java | 5 +-
...ocumentationReportingInitializationContext.java | 7 +-
.../init/EmptyControllerServiceLookup.java | 3 +-
.../nifi/documentation/init/NopStateManager.java | 3 +-
.../documentation/xml/XmlDocumentationWriter.java | 29 ++-
.../processor/AbstractSessionFactoryProcessor.java | 1 -
.../org/apache/nifi/processor/ProcessContext.java | 1 -
.../org/apache/nifi/processor/ProcessSession.java | 1 -
.../java/org/apache/nifi/processor/Processor.java | 1 -
.../exception/TerminatedTaskException.java | 1 -
.../nifi/provenance/ProvenanceEventBuilder.java | 1 -
.../apache/nifi/provenance/ProvenanceReporter.java | 3 +-
.../nifi/reporting/AbstractReportingTask.java | 1 -
.../org/apache/nifi/reporting/EventAccess.java | 5 +-
.../apache/nifi/reporting/ReportingContext.java | 3 +-
.../reporting/ReportingInitializationContext.java | 1 -
.../org/apache/nifi/processor/TestDataUnit.java | 4 +-
.../apache/nifi/registry/TestVariableRegistry.java | 3 +-
.../notification/http/HttpNotificationService.java | 3 +-
.../http/TestHttpNotificationServiceSSL.java | 9 +-
.../nifi-security-utils-api}/pom.xml | 28 ++-
.../org/apache/nifi/security/util/ClientAuth.java} | 29 ++-
.../apache/nifi/security/util/KeystoreType.java | 3 +-
.../nifi/security/util/TlsConfiguration.java | 219 +++++++++++++++++++++
.../apache/nifi/security/util/TlsException.java | 0
.../nifi/security/util/TlsConfigurationTest.groovy | 102 ++++++++++
nifi-commons/nifi-security-utils/pom.xml | 5 +
.../nifi/security/util/CertificateUtils.java | 78 +-------
.../nifi/security/util/SslContextFactory.java | 45 +----
...guration.java => StandardTlsConfiguration.java} | 135 +++++++------
.../nifi/security/xml/SafeXMLConfiguration.java | 13 +-
.../nifi/security/util/CertificateUtilsTest.groovy | 64 +-----
.../security/util/SslContextFactoryTest.groovy | 34 ++--
....groovy => StandardTlsConfigurationTest.groovy} | 34 ++--
.../nifi/remote/client/SiteToSiteClient.java | 4 +-
.../nifi/remote/client/http/TestHttpClient.java | 6 +-
.../nifi/io/socket/ServerSocketConfiguration.java | 3 +-
.../apache/nifi/io/socket/SocketConfiguration.java | 3 +-
.../org/apache/nifi/io/socket/SocketUtils.java | 6 +-
.../apache/nifi/io/socket/SocketUtilsTest.groovy | 17 +-
.../util/file/classloader/ClassLoaderUtils.java | 13 +-
nifi-commons/pom.xml | 1 +
.../src/main/asciidoc/images/s2s-rproxy-http.svg | 3 +-
.../main/asciidoc/images/s2s-rproxy-portnumber.svg | 3 +-
.../main/asciidoc/images/s2s-rproxy-servername.svg | 3 +-
.../nifi/provenance/MockProvenanceRepository.java | 1 -
.../org/apache/nifi/state/MockStateManager.java | 3 +-
.../java/org/apache/nifi/state/MockStateMap.java | 3 +-
.../java/org/apache/nifi/util/CapturingLogger.java | 11 +-
.../nifi/util/ControllerServiceConfiguration.java | 1 -
.../apache/nifi/util/MockBulletinRepository.java | 3 +-
.../org/apache/nifi/util/MockComponentLog.java | 1 -
.../apache/nifi/util/MockConfigurationContext.java | 1 -
...MockControllerServiceInitializationContext.java | 3 +-
.../nifi/util/MockControllerServiceLookup.java | 1 -
.../java/org/apache/nifi/util/MockEventAccess.java | 1 -
.../org/apache/nifi/util/MockFlowFileQueue.java | 1 -
.../org/apache/nifi/util/MockKerberosContext.java | 3 +-
.../org/apache/nifi/util/MockProcessContext.java | 25 ++-
.../org/apache/nifi/util/MockProcessSession.java | 37 ++--
.../util/MockProcessorInitializationContext.java | 1 -
.../org/apache/nifi/util/MockPropertyContext.java | 5 +-
.../org/apache/nifi/util/MockPropertyValue.java | 11 +-
.../apache/nifi/util/MockProvenanceReporter.java | 1 -
.../org/apache/nifi/util/MockReportingContext.java | 1 -
.../util/MockReportingInitializationContext.java | 1 -
.../org/apache/nifi/util/MockSessionFactory.java | 1 -
.../apache/nifi/util/MockValidationContext.java | 21 +-
.../org/apache/nifi/util/MockVariableRegistry.java | 1 -
.../org/apache/nifi/util/SharedSessionState.java | 1 -
.../nifi/util/StandardProcessorTestRunner.java | 57 +++---
.../main/java/org/apache/nifi/util/TestRunner.java | 17 +-
.../apache/nifi/util/TestMockProcessContext.java | 1 -
.../apache/nifi/util/TestMockProcessSession.java | 1 -
.../amqp/processors/AbstractAMQPProcessor.java | 9 +-
.../nifi/processors/aws/AbstractAWSProcessor.java | 4 +-
.../apache/nifi/processors/beats/ListenBeats.java | 12 +-
.../cassandra/AbstractCassandraProcessor.java | 12 +-
.../nifi/service/CassandraSessionProvider.java | 14 +-
.../schemaregistry/ConfluentSchemaRegistry.java | 2 +-
.../ElasticSearchClientServiceImpl.java | 6 +-
.../apache/nifi/processors/email/ListenSMTP.java | 8 +-
.../nifi/processors/email/TestListenSMTP.java | 7 +-
.../listen/dispatcher/SocketChannelDispatcher.java | 25 ++-
.../SocketChannelRecordReaderDispatcher.java | 17 +-
.../nifi-framework-nar/pom.xml | 8 +-
.../nifi-framework/nifi-file-authorizer/pom.xml | 2 +-
.../ServerSocketConfigurationFactoryBean.java | 4 +-
.../spring/SocketConfigurationFactoryBean.java | 4 +-
.../okhttp/OkHttpReplicationClient.java | 5 +-
.../org/apache/nifi/controller/FlowController.java | 5 +-
.../server/ConnectionLoadBalanceServer.java | 4 +-
.../manager/StandardStateManagerProvider.java | 6 +-
.../registry/flow/StandardFlowRegistryClient.java | 9 +-
.../server/ConnectionLoadBalanceServerTest.groovy | 13 +-
.../queue/clustered/LoadBalancedQueueIT.java | 9 +-
.../nifi/remote/SocketRemoteSiteListener.java | 5 +-
.../remote/SocketRemoteSiteListenerTest.groovy | 14 +-
.../apache/nifi/stateless/core/StatelessFlow.java | 9 +-
.../org/apache/nifi/web/server/JettyServer.java | 4 +-
.../nifi/web/server/JettyServerGroovyTest.groovy | 18 +-
.../OneWaySslAccessControlHelper.java | 9 +-
.../nifi/integration/util/NiFiTestServer.java | 4 +-
.../x509/ocsp/OcspCertificateValidator.java | 3 +-
nifi-nar-bundles/nifi-framework-bundle/pom.xml | 5 +
.../apache/nifi/processors/grpc/InvokeGRPC.java | 4 +-
.../apache/nifi/processors/grpc/ListenGRPC.java | 8 +-
.../nifi/jms/cf/JMSConnectionFactoryHandler.java | 2 +-
.../nifi-kerberos-iaa-providers-nar/pom.xml | 6 +
.../nifi-ldap-iaa-providers-nar/pom.xml | 6 +
.../java/org/apache/nifi/ldap/LdapProvider.java | 19 +-
.../nifi/ldap/tenants/LdapUserGroupProvider.java | 8 +-
.../processors/lumberjack/ListenLumberjack.java | 4 +-
.../nifi-mongodb-client-service-api/pom.xml | 1 -
.../apache/nifi/mongodb/MongoDBClientService.java | 4 +-
.../processors/mongodb/AbstractMongoProcessor.java | 12 +-
.../mongodb/AbstractMongoProcessorTest.java | 2 +-
.../nifi/mongodb/MongoDBControllerService.java | 11 +-
.../apache/nifi/reporting/s2s/SiteToSiteUtils.java | 4 +-
.../org/apache/nifi/processors/solr/SolrUtils.java | 6 +-
.../processors/solr/MockSSLContextService.java | 9 +-
.../controller/livy/LivySessionController.java | 6 +-
.../apache/nifi/processors/splunk/PutSplunk.java | 4 +-
.../apache/nifi/processors/standard/GetHTTP.java | 4 +-
.../nifi/processors/standard/ListenRELP.java | 12 +-
.../nifi/processors/standard/ListenSyslog.java | 14 +-
.../apache/nifi/processors/standard/ListenTCP.java | 12 +-
.../nifi/processors/standard/ListenTCPRecord.java | 14 +-
.../apache/nifi/processors/standard/PutSyslog.java | 4 +-
.../apache/nifi/processors/standard/PutTCP.java | 4 +-
.../processors/standard/TestGetHTTPGroovy.groovy | 2 +-
.../processors/standard/TestPostHTTPGroovy.groovy | 2 +-
.../standard/ITestHandleHttpRequest.java | 17 +-
.../nifi/processors/standard/TestListenHTTP.java | 28 +--
.../nifi/processors/standard/TestListenRELP.java | 8 +-
.../nifi/processors/standard/TestListenTCP.java | 16 +-
.../processors/standard/TestListenTCPRecord.java | 14 +-
.../processors/standard/util/TCPTestServer.java | 9 +-
.../client/DistributedMapCacheClientService.java | 2 +-
.../client/DistributedSetCacheClientService.java | 2 +-
.../cache/server/DistributedSetCacheServer.java | 2 +-
.../server/map/DistributedMapCacheServer.java | 2 +-
.../nifi-lookup-services/pom.xml | 5 +
.../nifi/oauth2/OAuth2TokenProviderImpl.java | 21 +-
.../ssl/StandardRestrictedSSLContextService.java | 25 ++-
.../apache/nifi/ssl/StandardSSLContextService.java | 28 ++-
.../nifi/ssl/StandardSSLContextServiceTest.groovy | 34 +++-
.../nifi/ssl/RestrictedSSLContextServiceTest.java | 6 +-
.../org/apache/nifi/ssl/SSLContextServiceTest.java | 2 +-
.../nifi-ssl-context-service-api/pom.xml | 2 +-
.../nifi/ssl/RestrictedSSLContextService.java | 40 ----
.../org/apache/nifi/ssl/SSLContextService.java | 62 +++++-
.../nifi-standard-services-api-nar/pom.xml | 5 +
nifi-nar-bundles/pom.xml | 6 +
.../cli/impl/client/nifi/NiFiClientConfig.java | 4 +-
.../TlsCertificateSigningRequestPerformer.java | 3 +-
.../server/TlsCertificateAuthorityService.java | 4 +-
.../tls/status/TlsToolkitGetStatusCommandLine.java | 6 +-
184 files changed, 1147 insertions(+), 884 deletions(-)
diff --git a/nifi-api/src/main/java/org/apache/nifi/action/Action.java b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
index ed6505f..44c28a6 100644
--- a/nifi-api/src/main/java/org/apache/nifi/action/Action.java
+++ b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.action;
-import org.apache.nifi.action.component.details.ComponentDetails;
-import org.apache.nifi.action.details.ActionDetails;
-
import java.io.Serializable;
import java.util.Date;
+import org.apache.nifi.action.component.details.ComponentDetails;
+import org.apache.nifi.action.details.ActionDetails;
/**
* An action taken on the flow by a user.
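Review bot: The new import block in Action.java moves the `org.apache.nifi.*` imports below the `java.*` imports and drops the blank line that separated the two groups, a change unrelated to the nifi-security-utils split named in the commit message. The same import-only reordering recurs in the other nifi-api hunks of this commit, for example Restriction.java, DefaultSchedule.java and ValidationContext.java. On a support branch this churn probably makes the TLS-related changes harder to audit and raises the chance of backport conflicts, so I would keep the original order here or land the reordering as a separate formatting commit. If the reorder stays, a blank line after `import java.util.Date;` would preserve the visual grouping.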
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
index aa52226..f73ce45 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.ConfigurableComponent;
import org.apache.nifi.expression.ExpressionLanguageScope;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
index 68d40c7..006f6ad 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.processor.Relationship;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
index 2a07108..1490880 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.annotation.behavior;
-import org.apache.nifi.components.RequiredPermission;
-
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+import org.apache.nifi.components.RequiredPermission;
/**
* Specific restriction for a component. Indicates what the required permission is and why the restriction exists.
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
index de32bd7..0e22474 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
@@ -23,7 +23,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
index 8635a74..7d08d77 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
@@ -17,14 +17,13 @@
package org.apache.nifi.annotation.configuration;
-import org.apache.nifi.scheduling.SchedulingStrategy;
-
import java.lang.annotation.Documented;
-import java.lang.annotation.Target;
-import java.lang.annotation.Retention;
import java.lang.annotation.ElementType;
-import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.apache.nifi.scheduling.SchedulingStrategy;
/**
* <p>
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
index d01972c..09402c7 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
@@ -18,11 +18,11 @@
package org.apache.nifi.annotation.configuration;
import java.lang.annotation.Documented;
-import java.lang.annotation.Target;
-import java.lang.annotation.Retention;
import java.lang.annotation.ElementType;
-import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
import org.apache.nifi.logging.LogLevel;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
index f9d47dd..e385843 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.annotation.documentation;
-import org.apache.nifi.components.ConfigurableComponent;
-
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+import org.apache.nifi.components.ConfigurableComponent;
/**
* Annotation that can be applied to a {@link org.apache.nifi.processor.Processor Processor},
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
index f89e25b..4393775 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.ConfigurableComponent;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
index f8ca038..d4044a1 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
index 54817e4..1dfac3d 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
index 44098ff..905618a 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
index cdec8d0..647c2ec 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
@@ -22,7 +22,6 @@ import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java b/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
index 2f693da..4c5537e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
@@ -18,7 +18,6 @@ package org.apache.nifi.components;
import java.util.Collection;
import java.util.List;
-
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
public interface ConfigurableComponent {
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java b/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
index e39b75d..0e23510 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
@@ -22,7 +22,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.ExpressionLanguageScope;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java b/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
index 05f262f..edafaee 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
@@ -18,7 +18,6 @@ package org.apache.nifi.components;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.AttributeValueDecorator;
import org.apache.nifi.flowfile.FlowFile;
@@ -277,7 +276,7 @@ public interface PropertyValue {
* @throws ProcessException if the Expression cannot be compiled or evaluating
* the Expression against the given attributes causes an Exception to be thrown
*/
- public PropertyValue evaluateAttributeExpressions(FlowFile flowFile, Map<String, String> additionalAttributes, AttributeValueDecorator decorator, Map<String, String> stateValues)
+ PropertyValue evaluateAttributeExpressions(FlowFile flowFile, Map<String, String> additionalAttributes, AttributeValueDecorator decorator, Map<String, String> stateValues)
throws ProcessException;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java b/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
index acaffd7..56f566e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.components;
+import java.util.Collection;
+import java.util.Map;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.expression.ExpressionLanguageCompiler;
-import java.util.Collection;
-import java.util.Map;
-
public interface ValidationContext extends PropertyContext {
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java b/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
index 768f773..1669ea1 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
@@ -19,7 +19,6 @@ package org.apache.nifi.components.state;
import java.io.IOException;
import java.util.Map;
-
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.components.state.exception.StateTooLargeException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java b/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
index 5461b40..41c8b24 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
@@ -17,9 +17,8 @@
package org.apache.nifi.components.state.exception;
-import org.apache.nifi.components.state.StateManager;
-
import java.io.IOException;
+import org.apache.nifi.components.state.StateManager;
/**
* Thrown when attempting to store state via the {@link StateManager} but the state being
diff --git a/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java b/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
index 2771927..5b22a19 100644
--- a/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.context;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
-import java.util.Map;
-
/**
* A context for retrieving a PropertyValue from a PropertyDescriptor.
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
index c1316b5..f4a602a 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.controller;
-import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.context.PropertyContext;
-
import java.util.Map;
import java.util.concurrent.TimeUnit;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
/**
* This context is passed to ControllerServices and Reporting Tasks in order
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
index f9433d7..758a059 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.controller.status;
-import org.apache.nifi.registry.flow.VersionedFlowState;
-
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
+import org.apache.nifi.registry.flow.VersionedFlowState;
/**
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
index 93a6d87..ba90534 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.controller.status;
-import org.apache.nifi.scheduling.ExecutionNode;
-
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
+import org.apache.nifi.scheduling.ExecutionNode;
/**
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
index d3c64d4..2c24f5c 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
@@ -16,6 +16,14 @@
*/
package org.apache.nifi.documentation;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
import org.apache.nifi.annotation.behavior.DynamicProperties;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.DynamicRelationship;
@@ -42,15 +50,6 @@ import org.apache.nifi.processor.Relationship;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.reporting.ReportingTask;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
/**
* Base class for DocumentationWriter that simplifies iterating over all information for a component, creating a separate method
* for each, to ensure that implementations properly override all methods and therefore properly account for all information about
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
index f4b2492..7681c09 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.documentation;
-import org.apache.nifi.components.ConfigurableComponent;
-
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
+import org.apache.nifi.components.ConfigurableComponent;
/**
* Generates documentation for an instance of a ConfigurableComponent.
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
index 68637aa..cb8a0f2 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
@@ -16,15 +16,14 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.controller.ControllerServiceInitializationContext;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
-import java.io.File;
-import java.util.UUID;
-
public class DocumentationControllerServiceInitializationContext implements ControllerServiceInitializationContext {
private final String id = UUID.randomUUID().toString();
private final ControllerServiceLookup serviceLookup = new EmptyControllerServiceLookup();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
index c7a5e40..a48dcb6 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessorInitializationContext;
-import java.io.File;
-import java.util.UUID;
-
public class DocumentationProcessorInitializationContext implements ProcessorInitializationContext {
private final String uuid = UUID.randomUUID().toString();
private final NodeTypeProvider nodeTypeProvider = new StandaloneNodeTypeProvider();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
index 4697ee8..bcf216e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
@@ -16,16 +16,15 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.reporting.ReportingInitializationContext;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import java.io.File;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
-
public class DocumentationReportingInitializationContext implements ReportingInitializationContext {
private final String id = UUID.randomUUID().toString();
private final ComponentLog componentLog = new NopComponentLog();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
index 4831198..5cda2af 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.documentation.init;
+import java.util.Set;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
-import java.util.Set;
-
public class EmptyControllerServiceLookup implements ControllerServiceLookup {
@Override
public ControllerService getControllerService(final String serviceIdentifier) {
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
index 5e2c955..4b4e21e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.documentation.init;
+import java.util.Map;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.components.state.StateMap;
-import java.util.Map;
-
public class NopStateManager implements StateManager {
@Override
public void setState(final Map<String, String> state, final Scope scope) {
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
index 59813a2..01c0bdc 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
@@ -16,6 +16,19 @@
*/
package org.apache.nifi.documentation.xml;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Function;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.DynamicRelationship;
import org.apache.nifi.annotation.behavior.InputRequirement;
@@ -36,20 +49,6 @@ import org.apache.nifi.documentation.ExtensionType;
import org.apache.nifi.documentation.ServiceAPI;
import org.apache.nifi.processor.Relationship;
-import javax.xml.stream.XMLOutputFactory;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.function.Function;
-
/**
* XML-based implementation of DocumentationWriter
*
@@ -423,7 +422,7 @@ public class XmlDocumentationWriter extends AbstractDocumentationWriter {
private void writeEndElement() throws IOException {
try {
- writer.writeEndElement();;
+ writer.writeEndElement();
} catch (final XMLStreamException e) {
throw new IOException(e);
}
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java b/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
index 029f459..2394805 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
@@ -18,7 +18,6 @@ package org.apache.nifi.processor;
import java.util.Collections;
import java.util.Set;
-
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnUnscheduled;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
index ea925ec..4ce6367 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
@@ -18,7 +18,6 @@ package org.apache.nifi.processor;
import java.util.Map;
import java.util.Set;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
index 58f579f..2e2d4ee 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
@@ -24,7 +24,6 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
-
import org.apache.nifi.controller.queue.QueueSize;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.exception.FlowFileAccessException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java b/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
index 98efc68..34e4742 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
@@ -17,7 +17,6 @@
package org.apache.nifi.processor;
import java.util.Set;
-
import org.apache.nifi.components.ConfigurableComponent;
import org.apache.nifi.processor.exception.ProcessException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java b/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
index 602ad1d..a55ed62 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
@@ -19,7 +19,6 @@ package org.apache.nifi.processor.exception;
import java.io.InputStream;
import java.io.OutputStream;
-
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
diff --git a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
index 38e39a2..be4fd5e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
+++ b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
@@ -18,7 +18,6 @@ package org.apache.nifi.provenance;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.processor.Relationship;
diff --git a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
index a8f12a1..442f130 100644
--- a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.provenance;
+import java.util.Collection;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
-import java.util.Collection;
-
/**
* ProvenanceReporter generates and records Provenance-related events. A
* ProvenanceReporter is always tied to a {@link ProcessSession}. Any events
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java b/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
index 339231a..a2fd119 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
@@ -17,7 +17,6 @@
package org.apache.nifi.reporting;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.components.AbstractConfigurableComponent;
import org.apache.nifi.controller.ConfigurationContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java b/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
index c219032..e4b556e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.reporting;
+import java.io.IOException;
+import java.util.List;
import org.apache.nifi.action.Action;
import org.apache.nifi.controller.status.ProcessGroupStatus;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventRepository;
-import java.io.IOException;
-import java.util.List;
-
public interface EventAccess {
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
index 253089d..85cf844 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
@@ -16,13 +16,12 @@
*/
package org.apache.nifi.reporting;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.ControllerServiceLookup;
-import java.util.Map;
-
/**
* This interface provides a bridge between the NiFi Framework and a
* {@link ReportingTask}. This context allows a ReportingTask to access
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
index 0bf49d3..978b421 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
@@ -17,7 +17,6 @@
package org.apache.nifi.reporting;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.kerberos.KerberosContext;
diff --git a/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java b/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
index 3e6a235..a06afdf 100644
--- a/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
+++ b/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
@@ -16,10 +16,10 @@
*/
package org.apache.nifi.processor;
-import org.junit.Test;
-
import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+
/**
*
*/
diff --git a/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java b/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
index e326fab..6c66323 100644
--- a/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
+++ b/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
@@ -16,10 +16,11 @@
*/
package org.apache.nifi.registry;
-import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
+import org.junit.Test;
+
public class TestVariableRegistry {
@Test
diff --git a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
index fdb4c2d..5eb9ced 100644
--- a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
+++ b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
@@ -39,6 +39,7 @@ import org.apache.nifi.expression.AttributeExpression;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
public class HttpNotificationService extends AbstractNotificationService {
@@ -215,7 +216,7 @@ public class HttpNotificationService extends AbstractNotificationService {
String truststorePath = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE).getValue();
String truststorePassword = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).getValue();
String truststoreType = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_TYPE).getValue();
- return new TlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType);
+ return new StandardTlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType);
}
@Override
diff --git a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
index ac280cf..5fbbd7c 100644
--- a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
+++ b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
@@ -31,8 +31,9 @@ import javax.net.ssl.SSLContext;
import javax.xml.parsers.ParserConfigurationException;
import okhttp3.mockwebserver.MockWebServer;
import org.apache.nifi.bootstrap.NotificationServiceManager;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.junit.After;
@@ -135,9 +136,9 @@ public class TestHttpNotificationServiceSSL extends TestHttpNotificationServiceC
mockWebServer = new MockWebServer();
- TlsConfiguration tlsConfiguration = new TlsConfiguration("./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
- "./src/test/resources/truststore.jks", "passwordpassword", "JKS", CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration("./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
+ "./src/test/resources/truststore.jks", "passwordpassword", "JKS", TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
mockWebServer.useHttps(sslContext.getSocketFactory(), false);
String configFileOutput = CONFIGURATION_FILE_TEXT.replace("${test.server}", String.valueOf(mockWebServer.url("/")));
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml b/nifi-commons/nifi-security-utils-api/pom.xml
similarity index 66%
copy from nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
copy to nifi-commons/nifi-security-utils-api/pom.xml
index 2d6bde6..02dbe52 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
+++ b/nifi-commons/nifi-security-utils-api/pom.xml
@@ -16,21 +16,17 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.nifi</groupId>
- <artifactId>nifi-standard-services</artifactId>
- <version>1.12.1-SNAPSHOT</version>
+ <artifactId>nifi-commons</artifactId>
+ <version>1.13.0-SNAPSHOT</version>
</parent>
- <artifactId>nifi-ssl-context-service-api</artifactId>
- <packaging>jar</packaging>
- <dependencies>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-security-utils</artifactId>
- <version>1.12.1-SNAPSHOT</version>
- <scope>compile</scope>
- </dependency>
- </dependencies>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <description>
+ This nifi-security-utils-api module holds reusable code necessary for security
+ across the project. This module is included in a number of api modules and must
+ have no external dependencies.
+ </description>
+ <!--
+ This module cannot have any external dependencies as it is referred to by many *-api modules
+ -->
</project>
+
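Review bot: The parent version in this new pom is `1.13.0-SNAPSHOT`, while the pom it was copied from declares `1.12.1-SNAPSHOT` and the commit is being applied to the support/nifi-1.12.x branch. If `nifi-commons` on this branch is still at `1.12.1-SNAPSHOT` (not visible in this hunk), the parent cannot resolve from the reactor, and the build would either fail or fall back to a snapshot from a remote repository. The value expected here would then be `1.12.1-SNAPSHOT`. Separately, the rule that this module must have no external dependencies is stated only in the description and the XML comment; nothing visible in the pom enforces it.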
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java
similarity index 55%
copy from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
copy to nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java
index ea47463..df6d735 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java
@@ -18,19 +18,19 @@ package org.apache.nifi.security.util;
import java.util.Arrays;
import java.util.stream.Collectors;
-import org.apache.nifi.util.StringUtils;
/**
- * Keystore types.
+ * This enum is used to indicate the three possible options for a server requesting a client certificate during TLS handshake negotiation.
*/
-public enum KeystoreType {
- PKCS12("PKCS12", "A PKCS12 Keystore"),
- JKS("JKS", "A Java Keystore");
+public enum ClientAuth {
+ WANT("Want", "Requests the client certificate on handshake and validates if present but does not require it"),
+ REQUIRED("Required", "Requests the client certificate on handshake and rejects the connection if it is not present and valid"),
+ NONE("None", "Does not request the client certificate on handshake");
private final String type;
private final String description;
- KeystoreType(String type, String description) {
+ ClientAuth(String type, String description) {
this.type = type;
this.description = description;
}
@@ -45,13 +45,22 @@ public enum KeystoreType {
@Override
public String toString() {
- return getType();
+ StringBuilder sb = new StringBuilder("[SslContextFactory]");
+ sb.append("type=").append(type);
+ sb.append("description=").append(description);
+ return sb.toString();
}
- public static boolean isValidKeystoreType(String type) {
- if (StringUtils.isBlank(type)) {
+ /**
+ * Returns {@code true} if the provided type is a valid {@link ClientAuth} type.
+ *
+ * @param type the raw type string
+ * @return true if the type is valid
+ */
+ public static boolean isValidClientAuthType(String type) {
+ if (type == null || type.replaceAll("\\s", "").isEmpty()) {
return false;
}
- return (Arrays.stream(values()).map(kt -> kt.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
+ return (Arrays.stream(values()).map(ca -> ca.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
}
}
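Review bot: `toString()` labels its output `[SslContextFactory]` although the enum is `ClientAuth`, and it appends `type=` and `description=` with no separator, so the value runs together in logs. Something like `return "ClientAuth[type=" + type + ", description=" + description + "]";` would identify the right class and keep the fields apart. Any caller that relied on `toString()` yielding the bare type, as the `KeystoreType` source of this copy did, would now get the debug string; that is worth checking against the call sites, which are outside this hunk. In `isValidClientAuthType`, `toLowerCase()` uses the default locale, so under a Turkish locale an input such as `REQUIRED` lowercases with a dotless ı and is rejected. `return Arrays.stream(values()).anyMatch(ca -> ca.getType().equalsIgnoreCase(type));` is locale-independent and needs no new import.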
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
similarity index 95%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
rename to nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
index ea47463..b5347e3 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
@@ -18,7 +18,6 @@ package org.apache.nifi.security.util;
import java.util.Arrays;
import java.util.stream.Collectors;
-import org.apache.nifi.util.StringUtils;
/**
* Keystore types.
@@ -49,7 +48,7 @@ public enum KeystoreType {
}
public static boolean isValidKeystoreType(String type) {
- if (StringUtils.isBlank(type)) {
+ if (type == null || type.replaceAll("\\s", "").isEmpty()) {
return false;
}
return (Arrays.stream(values()).map(kt -> kt.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
diff --git a/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
new file mode 100644
index 0000000..b696fa1
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
@@ -0,0 +1,219 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.security.util;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * This interface serves as an immutable domain object (acting as an internal DTO) for
+ * the various keystore and truststore configuration settings necessary for building
+ * {@link javax.net.ssl.SSLContext}s.
+ */
+public interface TlsConfiguration {
+ String JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.2";
+ String JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.3";
+ String[] JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
+ String[] JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION, JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
+
+
+ /**
+ * Returns {@code true} if the provided TlsConfiguration is {@code null} or <em>empty</em>
+ * (i.e. neither any of the keystore nor truststore properties are populated).
+ *
+ * @param tlsConfiguration the container object to check
+ * @return true if this container is empty or null
+ */
+ static boolean isEmpty(TlsConfiguration tlsConfiguration) {
+ return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
+ }
+
+ // Getters & setters
+
+ String getKeystorePath();
+
+ String getKeystorePassword();
+
+ /**
+ * Returns {@code "********"} if the keystore password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the keystore password
+ */
+ String getKeystorePasswordForLogging();
+
+ String getKeyPassword();
+
+ /**
+ * Returns {@code "********"} if the key password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the key password
+ */
+ String getKeyPasswordForLogging();
+
+ /**
+ * Returns the "working" key password -- if the key password is populated, it is returned; otherwise the {@link #getKeystorePassword()} is returned.
+ *
+ * @return the key or keystore password actually populated
+ */
+ String getFunctionalKeyPassword();
+
+ /**
+ * Returns {@code "********"} if the functional key password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the functional key password
+ */
+ String getFunctionalKeyPasswordForLogging();
+
+ KeystoreType getKeystoreType();
+
+ String getTruststorePath();
+
+ String getTruststorePassword();
+
+ /**
+ * Returns {@code "********"} if the truststore password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the truststore password
+ */
+ String getTruststorePasswordForLogging();
+
+ KeystoreType getTruststoreType();
+
+ String getProtocol();
+
+ // Boolean validators for keystore & truststore
+
+ /**
+ * Returns {@code true} if the necessary properties are populated to instantiate a <strong>keystore</strong>. This does <em>not</em> validate the values (see {@link #isKeystoreValid()}).
+ *
+ * @return true if the path, password, and type are present
+ */
+ boolean isKeystorePopulated();
+
+ /**
+ * Returns {@code true} if <em>any</em> of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.
+ *
+ * @return true if any keystore properties are present
+ */
+ boolean isAnyKeystorePopulated();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated and the keystore can be successfully instantiated (i.e. the path is valid and the password(s) are correct).
+ *
+ * @return true if the keystore properties are valid
+ */
+ boolean isKeystoreValid();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated to instantiate a <strong>truststore</strong>. This does <em>not</em> validate the values (see {@link #isTruststoreValid()}).
+ *
+ * @return true if the path, password, and type are present
+ */
+ boolean isTruststorePopulated();
+
+ /**
+ * Returns {@code true} if <em>any</em> of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.
+ *
+ * @return true if any truststore properties are present
+ */
+ boolean isAnyTruststorePopulated();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated and the truststore can be successfully instantiated (i.e. the path is valid and the password is correct).
+ *
+ * @return true if the truststore properties are valid
+ */
+ boolean isTruststoreValid();
+
+ /**
+ * Returns a {@code String[]} containing the keystore properties for logging. The order is
+ * {@link #getKeystorePath()}, {@link #getKeystorePasswordForLogging()},
+ * {@link #getFunctionalKeyPasswordForLogging()}, {@link #getKeystoreType()} (using the type or "null").
+ *
+ * @return a loggable String[]
+ */
+ String[] getKeystorePropertiesForLogging();
+
+ /**
+ * Returns a {@code String[]} containing the truststore properties for logging. The order is
+ * {@link #getTruststorePath()}, {@link #getTruststorePasswordForLogging()},
+ * {@link #getTruststoreType()} (using the type or "null").
+ *
+ * @return a loggable String[]
+ */
+ String[] getTruststorePropertiesForLogging();
+
+ /**
+ * Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
+ *
+ * @return the Java major version
+ */
+ static int getJavaVersion() {
+ String version = System.getProperty("java.version");
+ return parseJavaVersion(version);
+ }
+
+ /**
+ * Returns the major version parsed from the provided Java version string (e.g. {@code "1.8.0.231"} -> {@code 8}).
+ *
+ * @param version the Java version string
+ * @return the major version as an int
+ */
+ static int parseJavaVersion(String version) {
+ String majorVersion;
+ if (version.startsWith("1.")) {
+ majorVersion = version.substring(2, 3);
+ } else {
+ Pattern majorVersion9PlusPattern = Pattern.compile("(\\d+).*");
+ Matcher m = majorVersion9PlusPattern.matcher(version);
+ if (m.find()) {
+ majorVersion = m.group(1);
+ } else {
+ throw new IllegalArgumentException("Could not detect major version of " + version);
+ }
+ }
+ return Integer.parseInt(majorVersion);
+ }
+
+ /**
+ * Returns a {@code String[]} of supported TLS protocol versions based on the current Java platform version.
+ *
+ * @return the supported TLS protocol version(s)
+ */
+ static String[] getCurrentSupportedTlsProtocolVersions() {
+ int javaMajorVersion = getJavaVersion();
+ if (javaMajorVersion < 11) {
+ return JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS;
+ } else {
+ return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS;
+ }
+ }
+
+ /**
+ * Returns the highest supported TLS protocol version based on the current Java platform version.
+ *
+ * @return the TLS protocol (e.g. {@code "TLSv1.2"})
+ */
+ static String getHighestCurrentSupportedTlsProtocolVersion() {
+ int javaMajorVersion = getJavaVersion();
+ if (javaMajorVersion < 11) {
+ return JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
+ } else {
+ return JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
+ }
+ }
+}
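Review bot: `getCurrentSupportedTlsProtocolVersions()` returns the shared `JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS` and `JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS` arrays directly. As interface fields they are public, and their elements can be overwritten, so a caller that writes into the returned array changes the TLS protocol list seen by every later caller in the JVM. Returning a copy, `return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS.clone();` and the same in the Java 8 branch, protects the accessor. The constants themselves stay exposed, so an unmodifiable `List<String>` would be the stronger form if the API can still change. Separately, `parseJavaVersion` throws `NullPointerException` for a null argument and `StringIndexOutOfBoundsException` for an input such as `"1."` rather than the documented `IllegalArgumentException`, and the Javadoc on `getJavaVersion()` has `{code 8}` where `{@code 8}` is meant.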
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsException.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsException.java
similarity index 100%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsException.java
rename to nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsException.java
diff --git a/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy b/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
new file mode 100644
index 0000000..88e9524
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.security.util
+
+
+import org.junit.After
+import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.junit.runners.JUnit4
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@RunWith(JUnit4.class)
+class TlsConfigurationTest extends GroovyTestCase {
+ private static final Logger logger = LoggerFactory.getLogger(TlsConfigurationTest.class)
+
+ @BeforeClass
+ static void setUpOnce() {
+ logger.metaClass.methodMissing = { String name, args ->
+ logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
+ }
+ }
+
+ @Before
+ void setUp() {
+ super.setUp()
+
+ }
+
+ @After
+ void tearDown() {
+
+ }
+
+ @Test
+ void testShouldParseJavaVersion() {
+ // Arrange
+ def possibleVersions = ["1.5.0", "1.6.0", "1.7.0.123", "1.8.0.231", "9.0.1", "10.1.2", "11.2.3", "12.3.456"]
+
+ // Act
+ def majorVersions = possibleVersions.collect { String version ->
+ logger.debug("Attempting to determine major version of ${version}")
+ TlsConfiguration.parseJavaVersion(version)
+ }
+ logger.info("Major versions: ${majorVersions}")
+
+ // Assert
+ assert majorVersions == (5..12)
+ }
+
+ @Test
+ void testShouldGetCurrentSupportedTlsProtocolVersions() {
+ // Arrange
+ int javaMajorVersion = TlsConfiguration.getJavaVersion()
+ logger.debug("Running on Java version: ${javaMajorVersion}")
+
+ // Act
+ def tlsVersions = TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
+ logger.info("Supported protocol versions for ${javaMajorVersion}: ${tlsVersions}")
+
+ // Assert
+ if (javaMajorVersion < 11) {
+ assert tlsVersions == ["TLSv1.2"] as String[]
+ } else {
+ assert tlsVersions == ["TLSv1.3", "TLSv1.2"] as String[]
+ }
+ }
+
+ @Test
+ void testShouldGetMaxCurrentSupportedTlsProtocolVersion() {
+ // Arrange
+ int javaMajorVersion = TlsConfiguration.getJavaVersion()
+ logger.debug("Running on Java version: ${javaMajorVersion}")
+
+ // Act
+ def tlsVersion = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
+ logger.info("Highest supported protocol version for ${javaMajorVersion}: ${tlsVersion}")
+
+ // Assert
+ if (javaMajorVersion < 11) {
+ assert tlsVersion == "TLSv1.2"
+ } else {
+ assert tlsVersion == "TLSv1.3"
+ }
+ }
+}
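Review bot: `testShouldParseJavaVersion` feeds only well-formed dotted strings, so the `IllegalArgumentException` branch of `parseJavaVersion` is never exercised, and neither is the underscore form a Java 8 runtime actually reports (for example `1.8.0_231`). Since the parsed major version decides which TLS protocol versions are offered, add a negative case such as `shouldFail(IllegalArgumentException) { TlsConfiguration.parseJavaVersion("invalid") }` and put an underscore-style string in `possibleVersions`. The two protocol tests branch on the JVM running the build, so each run checks only one arm of the `< 11` decision. The empty `setUp`/`tearDown` bodies can be dropped.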
diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml
index cf1b5d3..2b7bd58 100644
--- a/nifi-commons/nifi-security-utils/pom.xml
+++ b/nifi-commons/nifi-security-utils/pom.xml
@@ -38,6 +38,11 @@
<version>1.12.1-SNAPSHOT</version>
</dependency>
<dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <version>1.13.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<scope>provided</scope>
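Review bot: The new `nifi-security-utils-api` dependency is pinned to `1.13.0-SNAPSHOT`, while the dependency directly above it in this hunk is `1.12.1-SNAPSHOT` and the commit lands on the support/nifi-1.12.x branch. This looks like a value carried over from the main-branch change; on this branch it would either fail to resolve or pull the security API from a different snapshot line than the rest of the module. It should probably read `<version>1.12.1-SNAPSHOT</version>`, and any other pom in this commit that adds the same artifact is worth checking too. The surrounding dependencies block starts and ends outside the hunk.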
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
index a93c518..d3383ec 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
@@ -38,8 +38,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
@@ -50,8 +48,8 @@ import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
@@ -201,7 +199,7 @@ public final class CertificateUtils {
boolean clientMode = sslSocket.getUseClientMode();
logger.debug("SSL Socket in {} mode", clientMode ? "client" : "server");
- SslContextFactory.ClientAuth clientAuth = getClientAuthStatus(sslSocket);
+ ClientAuth clientAuth = getClientAuthStatus(sslSocket);
logger.debug("SSL Socket client auth status: {}", clientAuth);
if (clientMode) {
@@ -234,10 +232,10 @@ public final class CertificateUtils {
* This method should throw an exception if none are provided for need, return null if none are provided for want, and return null (without checking) for none.
*/
- SslContextFactory.ClientAuth clientAuth = getClientAuthStatus(sslSocket);
+ ClientAuth clientAuth = getClientAuthStatus(sslSocket);
logger.debug("SSL Socket client auth status: {}", clientAuth);
- if (clientAuth != SslContextFactory.ClientAuth.NONE) {
+ if (clientAuth != ClientAuth.NONE) {
try {
final Certificate[] certChains = sslSocket.getSession().getPeerCertificates();
if (certChains != null && certChains.length > 0) {
@@ -250,9 +248,9 @@ public final class CertificateUtils {
logger.error("The incoming request did not contain client certificates and thus the DN cannot" +
" be extracted. Check that the other endpoint is providing a complete client certificate chain");
}
- if (clientAuth == SslContextFactory.ClientAuth.WANT) {
+ if (clientAuth == ClientAuth.WANT) {
logger.warn("Suppressing missing client certificate exception because client auth is set to 'want'");
- return dn;
+ return null;
}
throw new CertificateException(e);
}
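Review bot: With `return null;` in the `ClientAuth.WANT` branch, a handshake that presents no client certificate now deliberately yields a null DN, but nothing at the return site says what a caller must do with it. A short comment such as `// WANT and no peer certificate: no identity was presented; callers must treat null as unauthenticated` would help, along with a matching `@return` sentence in the method Javadoc. The method begins and ends outside this hunk, so it cannot be confirmed from here whether every caller null-checks the result before using it in an authorization decision.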
@@ -289,8 +287,8 @@ public final class CertificateUtils {
return dn;
}
- private static SslContextFactory.ClientAuth getClientAuthStatus(SSLSocket sslSocket) {
- return sslSocket.getNeedClientAuth() ? SslContextFactory.ClientAuth.REQUIRED : sslSocket.getWantClientAuth() ? SslContextFactory.ClientAuth.WANT : SslContextFactory.ClientAuth.NONE;
+ private static ClientAuth getClientAuthStatus(SSLSocket sslSocket) {
+ return sslSocket.getNeedClientAuth() ? ClientAuth.REQUIRED : sslSocket.getWantClientAuth() ? ClientAuth.WANT : ClientAuth.NONE;
}
/**
@@ -627,66 +625,6 @@ public final class CertificateUtils {
}
}
- /**
- * Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
- *
- * @return the Java major version
- */
- public static int getJavaVersion() {
- String version = System.getProperty("java.version");
- return parseJavaVersion(version);
- }
-
- /**
- * Returns the major version parsed from the provided Java version string (e.g. {@code "1.8.0.231"} -> {@code 8}).
- *
- * @param version the Java version string
- * @return the major version as an int
- */
- public static int parseJavaVersion(String version) {
- String majorVersion;
- if (version.startsWith("1.")) {
- majorVersion = version.substring(2, 3);
- } else {
- Pattern majorVersion9PlusPattern = Pattern.compile("(\\d+).*");
- Matcher m = majorVersion9PlusPattern.matcher(version);
- if (m.find()) {
- majorVersion = m.group(1);
- } else {
- throw new IllegalArgumentException("Could not detect major version of " + version);
- }
- }
- return Integer.parseInt(majorVersion);
- }
-
- /**
- * Returns a {@code String[]} of supported TLS protocol versions based on the current Java platform version.
- *
- * @return the supported TLS protocol version(s)
- */
- public static String[] getCurrentSupportedTlsProtocolVersions() {
- int javaMajorVersion = getJavaVersion();
- if (javaMajorVersion < 11) {
- return JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS;
- } else {
- return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS;
- }
- }
-
- /**
- * Returns the highest supported TLS protocol version based on the current Java platform version.
- *
- * @return the TLS protocol (e.g. {@code "TLSv1.2"})
- */
- public static String getHighestCurrentSupportedTlsProtocolVersion() {
- int javaMajorVersion = getJavaVersion();
- if (javaMajorVersion < 11) {
- return JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
- } else {
- return JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
- }
- }
-
private CertificateUtils() {
}
}
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
index 39dcafa..6a5e546 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
@@ -21,7 +21,6 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Optional;
-import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -29,9 +28,6 @@ import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
-import org.apache.commons.lang3.builder.ToStringBuilder;
-import org.apache.commons.lang3.builder.ToStringStyle;
-import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -44,46 +40,7 @@ import org.slf4j.LoggerFactory;
public final class SslContextFactory {
private static final Logger logger = LoggerFactory.getLogger(SslContextFactory.class);
- /**
- * This enum is used to indicate the three possible options for a server requesting a client certificate during TLS handshake negotiation.
- */
- public enum ClientAuth {
- WANT("Want", "Requests the client certificate on handshake and validates if present but does not require it"),
- REQUIRED("Required", "Requests the client certificate on handshake and rejects the connection if it is not present and valid"),
- NONE("None", "Does not request the client certificate on handshake");
-
- private final String type;
- private final String description;
-
- ClientAuth(String type, String description) {
- this.type = type;
- this.description = description;
- }
-
- public String getType() {
- return this.type;
- }
-
- public String getDescription() {
- return this.description;
- }
-
- @Override
- public String toString() {
- final ToStringBuilder builder = new ToStringBuilder(this);
- ToStringBuilder.setDefaultStyle(ToStringStyle.SHORT_PREFIX_STYLE);
- builder.append("Type", type);
- builder.append("Description", description);
- return builder.toString();
- }
-
- public static boolean isValidClientAuthType(String type) {
- if (StringUtils.isBlank(type)) {
- return false;
- }
- return (Arrays.stream(values()).map(ca -> ca.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
- }
- }
+ // TODO: Move to nifi-security-utils-core
/**
* Returns a configured {@link SSLContext} from the provided TLS configuration. Hardcodes the
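Review bot: The added `// TODO: Move to nifi-security-utils-core` sits where the `ClientAuth` enum was removed and does not say what is to be moved, so it reads as if it referred to the deleted enum. Name the subject and the tracking issue, for example `// TODO(NIFI-7804): move SslContextFactory to nifi-security-utils-core` if the whole class is meant. Removing the nested public enum also breaks any external code that still references `SslContextFactory.ClientAuth`; if that is intended on a support branch, it deserves a line in the migration notes.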
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
similarity index 79%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
rename to nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
index 021986b..dfaab7b 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
@@ -19,19 +19,21 @@ package org.apache.nifi.security.util;
import java.io.File;
import java.net.MalformedURLException;
import java.util.Objects;
-import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
/**
- * This class serves as an immutable domain object (acting as an internal DTO) for the various keystore and truststore configuration settings necessary for building {@link javax.net.ssl.SSLContext}s.
+ * This class serves as a concrete immutable domain object (acting as an internal DTO)
+ * for the various keystore and truststore configuration settings necessary for
+ * building {@link javax.net.ssl.SSLContext}s.
*/
-public class TlsConfiguration {
- private static final Logger logger = LoggerFactory.getLogger(TlsConfiguration.class);
+public class StandardTlsConfiguration implements TlsConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(StandardTlsConfiguration.class);
- private static final String TLS_PROTOCOL_VERSION = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ private static final String TLS_PROTOCOL_VERSION = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
private static final String MASKED_PASSWORD_LOG = "********";
private static final String NULL_LOG = "null";
@@ -49,7 +51,7 @@ public class TlsConfiguration {
/**
* Default constructor present for testing and completeness.
*/
- public TlsConfiguration() {
+ public StandardTlsConfiguration() {
this(null, null, null, "", null, null, "", null);
}
@@ -63,7 +65,7 @@ public class TlsConfiguration {
* @param truststorePassword the truststore password
* @param truststoreType the truststore type
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
this(keystorePath, keystorePassword, keystorePassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
}
@@ -78,7 +80,7 @@ public class TlsConfiguration {
* @param truststorePassword the truststore password
* @param truststoreType the truststore type
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
this(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
}
@@ -94,7 +96,7 @@ public class TlsConfiguration {
* @param truststorePassword the truststore password
* @param truststoreType the truststore type as a String
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
String keystoreType, String truststorePath, String truststorePassword, String truststoreType) {
this(keystorePath, keystorePassword, keyPassword,
(KeystoreType.isValidKeystoreType(keystoreType) ? KeystoreType.valueOf(keystoreType.toUpperCase()) : null),
@@ -115,7 +117,7 @@ public class TlsConfiguration {
* @param truststoreType the truststore type as a String
* @param protocol the TLS protocol version string
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) {
this(keystorePath, keystorePassword, keyPassword,
(KeystoreType.isValidKeystoreType(keystoreType) ? KeystoreType.valueOf(keystoreType.toUpperCase()) : null),
@@ -136,7 +138,7 @@ public class TlsConfiguration {
* @param truststoreType the truststore type
* @param protocol the TLS protocol version string
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) {
this.keystorePath = keystorePath;
this.keystorePassword = keystorePassword;
@@ -153,26 +155,26 @@ public class TlsConfiguration {
*
* @param other the configuration to copy
*/
- public TlsConfiguration(TlsConfiguration other) {
- this.keystorePath = other.keystorePath;
- this.keystorePassword = other.keystorePassword;
- this.keyPassword = other.keyPassword;
- this.keystoreType = other.keystoreType;
- this.truststorePath = other.truststorePath;
- this.truststorePassword = other.truststorePassword;
- this.truststoreType = other.truststoreType;
- this.protocol = other.protocol;
+ public StandardTlsConfiguration(TlsConfiguration other) {
+ this.keystorePath = other.getKeystorePath();
+ this.keystorePassword = other.getKeystorePassword();
+ this.keyPassword = other.getKeyPassword();
+ this.keystoreType = other.getKeystoreType();
+ this.truststorePath = other.getTruststorePath();
+ this.truststorePassword = other.getTruststorePassword();
+ this.truststoreType = other.getTruststoreType();
+ this.protocol = other.getProtocol();
}
// Static factory method from NiFiProperties
/**
- * Returns a {@link TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties.
+ * Returns a {@link org.apache.nifi.security.util.TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties.
*
* @param niFiProperties the NiFi properties
* @return a populated TlsConfiguration container object
*/
- public static TlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties) {
+ public static StandardTlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties) {
if (niFiProperties == null) {
throw new IllegalArgumentException("The NiFi properties cannot be null");
}
@@ -186,7 +188,7 @@ public class TlsConfiguration {
String truststoreType = niFiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
String protocol = TLS_PROTOCOL_VERSION;
- final TlsConfiguration tlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, keyPassword,
+ final StandardTlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystorePath, keystorePassword, keyPassword,
keystoreType, truststorePath, truststorePassword,
truststoreType, protocol);
if (logger.isDebugEnabled()) {
@@ -199,12 +201,14 @@ public class TlsConfiguration {
}
/**
- * Returns a {@link TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties for the truststore <em>only</em>. No keystore properties are read or used.
+ * Returns a {@link org.apache.nifi.security.util.TlsConfiguration} instantiated
+ * from the relevant {@link NiFiProperties} properties for the truststore
+ * <em>only</em>. No keystore properties are read or used.
*
* @param niFiProperties the NiFi properties
* @return a populated TlsConfiguration container object
*/
- public static TlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) {
+ public static StandardTlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) {
if (niFiProperties == null) {
throw new IllegalArgumentException("The NiFi properties cannot be null");
}
@@ -214,7 +218,7 @@ public class TlsConfiguration {
String truststoreType = niFiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
String protocol = TLS_PROTOCOL_VERSION;
- final TlsConfiguration tlsConfiguration = new TlsConfiguration(null, null, null, null, truststorePath, truststorePassword,
+ final StandardTlsConfiguration tlsConfiguration = new StandardTlsConfiguration(null, null, null, null, truststorePath, truststorePassword,
truststoreType, protocol);
if (logger.isDebugEnabled()) {
logger.debug("Instantiating TlsConfiguration from NiFi properties: null x4, {}, {}, {}, {}",
@@ -224,23 +228,25 @@ public class TlsConfiguration {
return tlsConfiguration;
}
- /**
- * Returns {@code true} if the provided TlsConfiguration is {@code null} or <em>empty</em>
- * (i.e. neither any of the keystore nor truststore properties are populated).
- *
- * @param tlsConfiguration the container object to check
- * @return true if this container is empty or null
- */
- public static boolean isEmpty(TlsConfiguration tlsConfiguration) {
- return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
- }
+ // /**
+ // * Returns {@code true} if the provided TlsConfiguration is {@code null} or <em>empty</em>
+ // * (i.e. neither any of the keystore nor truststore properties are populated).
+ // *
+ // * @param tlsConfiguration the container object to check
+ // * @return true if this container is empty or null
+ // */
+ // public static boolean isEmpty(org.apache.nifi.security.util.TlsConfiguration tlsConfiguration) {
+ // return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
+ // }
// Getters & setters
+ @Override
public String getKeystorePath() {
return keystorePath;
}
+ @Override
public String getKeystorePassword() {
return keystorePassword;
}
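Review bot: The static `isEmpty` helper is left in the class as a commented-out block, Javadoc included, instead of being deleted. If the method now lives on the `TlsConfiguration` interface (not visible in this hunk), these lines should simply be removed. If it was dropped, callers lose the null-safe emptiness check, and that should be stated in the commit message rather than kept as dead text in the source.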
@@ -250,10 +256,12 @@ public class TlsConfiguration {
*
* @return a loggable String representation of the keystore password
*/
+ @Override
public String getKeystorePasswordForLogging() {
return maskPasswordForLog(keystorePassword);
}
+ @Override
public String getKeyPassword() {
return keyPassword;
}
@@ -263,6 +271,7 @@ public class TlsConfiguration {
*
* @return a loggable String representation of the key password
*/
+ @Override
public String getKeyPasswordForLogging() {
return maskPasswordForLog(keyPassword);
}
@@ -272,6 +281,7 @@ public class TlsConfiguration {
*
* @return the key or keystore password actually populated
*/
+ @Override
public String getFunctionalKeyPassword() {
return StringUtils.isNotBlank(keyPassword) ? keyPassword : keystorePassword;
}
@@ -281,18 +291,22 @@ public class TlsConfiguration {
*
* @return a loggable String representation of the functional key password
*/
+ @Override
public String getFunctionalKeyPasswordForLogging() {
return maskPasswordForLog(getFunctionalKeyPassword());
}
+ @Override
public KeystoreType getKeystoreType() {
return keystoreType;
}
+ @Override
public String getTruststorePath() {
return truststorePath;
}
+ @Override
public String getTruststorePassword() {
return truststorePassword;
}
@@ -302,14 +316,17 @@ public class TlsConfiguration {
*
* @return a loggable String representation of the truststore password
*/
+ @Override
public String getTruststorePasswordForLogging() {
return maskPasswordForLog(truststorePassword);
}
+ @Override
public KeystoreType getTruststoreType() {
return truststoreType;
}
+ @Override
public String getProtocol() {
return protocol;
}
@@ -321,6 +338,7 @@ public class TlsConfiguration {
*
* @return true if the path, password, and type are present
*/
+ @Override
public boolean isKeystorePopulated() {
return isStorePopulated(keystorePath, keystorePassword, keystoreType, "keystore");
}
@@ -330,6 +348,7 @@ public class TlsConfiguration {
*
* @return true if any keystore properties are present
*/
+ @Override
public boolean isAnyKeystorePopulated() {
return isAnyPopulated(keystorePath, keystorePassword, keystoreType);
}
@@ -339,6 +358,7 @@ public class TlsConfiguration {
*
* @return true if the keystore properties are valid
*/
+ @Override
public boolean isKeystoreValid() {
boolean simpleCheck = isStoreValid(keystorePath, keystorePassword, keystoreType, "keystore");
if (simpleCheck) {
@@ -363,6 +383,7 @@ public class TlsConfiguration {
*
* @return true if the path, password, and type are present
*/
+ @Override
public boolean isTruststorePopulated() {
return isStorePopulated(truststorePath, truststorePassword, truststoreType, "truststore");
}
@@ -372,6 +393,7 @@ public class TlsConfiguration {
*
* @return true if any truststore properties are present
*/
+ @Override
public boolean isAnyTruststorePopulated() {
return isAnyPopulated(truststorePath, truststorePassword, truststoreType);
}
@@ -381,6 +403,7 @@ public class TlsConfiguration {
*
* @return true if the truststore properties are valid
*/
+ @Override
public boolean isTruststoreValid() {
return isStoreValid(truststorePath, truststorePassword, truststoreType, "truststore");
}
@@ -392,6 +415,7 @@ public class TlsConfiguration {
*
* @return a loggable String[]
*/
+ @Override
public String[] getKeystorePropertiesForLogging() {
return new String[]{getKeystorePath(), getKeystorePasswordForLogging(), getFunctionalKeyPasswordForLogging(), getKeystoreType() != null ? getKeystoreType().getType() : NULL_LOG};
}
@@ -403,37 +427,38 @@ public class TlsConfiguration {
*
* @return a loggable String[]
*/
+ @Override
public String[] getTruststorePropertiesForLogging() {
return new String[]{getTruststorePath(), getTruststorePasswordForLogging(), getKeystoreType() != null ? getTruststoreType().getType() : NULL_LOG};
}
@Override
public String toString() {
- return new ToStringBuilder(this)
- .append("keystorePath", keystorePath)
- .append("keystorePassword", getKeystorePasswordForLogging())
- .append("keyPassword", getKeyPasswordForLogging())
- .append("keystoreType", keystoreType)
- .append("truststorePath", truststorePath)
- .append("truststorePassword", getTruststorePasswordForLogging())
- .append("truststoreType", truststoreType)
- .append("protocol", protocol)
- .toString();
+ StringBuilder sb = new StringBuilder("[TlsConfiguration]");
+ sb.append("keystorePath=").append(keystorePath);
+ sb.append(",keystorePassword=").append(getKeystorePasswordForLogging());
+ sb.append(",keyPassword=").append(getKeyPasswordForLogging());
+ sb.append(",keystoreType=").append(keystoreType);
+ sb.append(",truststorePath=").append(truststorePath);
+ sb.append(",truststorePassword=").append(getTruststorePasswordForLogging());
+ sb.append(",truststoreType=").append(truststoreType);
+ sb.append(",protocol=").append(protocol);
+ return sb.toString();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
- TlsConfiguration that = (TlsConfiguration) o;
- return Objects.equals(keystorePath, that.keystorePath)
- && Objects.equals(keystorePassword, that.keystorePassword)
- && Objects.equals(keyPassword, that.keyPassword)
- && keystoreType == that.keystoreType
- && Objects.equals(truststorePath, that.truststorePath)
- && Objects.equals(truststorePassword, that.truststorePassword)
- && truststoreType == that.truststoreType
- && Objects.equals(protocol, that.protocol);
+ org.apache.nifi.security.util.TlsConfiguration that = (org.apache.nifi.security.util.TlsConfiguration) o;
+ return Objects.equals(keystorePath, that.getKeystorePath())
+ && Objects.equals(keystorePassword, that.getKeystorePassword())
+ && Objects.equals(keyPassword, that.getKeyPassword())
+ && keystoreType == that.getKeystoreType()
+ && Objects.equals(truststorePath, that.getTruststorePath())
+ && Objects.equals(truststorePassword, that.getTruststorePassword())
+ && truststoreType == that.getTruststoreType()
+ && Objects.equals(protocol, that.getProtocol());
}
@Override
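Review bot: In `getTruststorePropertiesForLogging()` the null guard tests `getKeystoreType()` but then dereferences `getTruststoreType()`, and this commit carries the line over unchanged while adding `@Override` above it. A configuration with a keystore type but no truststore type would throw a NullPointerException while building the log array, and a truststore-only configuration logs `null` for a truststore type that is actually set. The guard should read `getTruststoreType() != null ? getTruststoreType().getType() : NULL_LOG`.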
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
index 0e0cd7e..44f29dc 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
@@ -16,6 +16,12 @@
*/
package org.apache.nifi.security.xml;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.XMLConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
@@ -25,13 +31,6 @@ import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Reader;
-
/**
* For security reasons, this class overrides the Apache commons 'XMLConfiguration' class to disable processing of XML external entity (XXE) declarations.
* This class should be used in all cases where an XML configuration file will be used by NiFi. It is currently used by the XMLFileLookupService.
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
index a1044ca..f9fa704 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
@@ -203,17 +203,17 @@ class CertificateUtilsTest extends GroovyTestCase {
SSLSocket noneSocket = [getNeedClientAuth: { -> false }, getWantClientAuth: { -> false }] as SSLSocket
// Act
- SslContextFactory.ClientAuth needClientAuthStatus = CertificateUtils.getClientAuthStatus(needSocket)
+ ClientAuth needClientAuthStatus = CertificateUtils.getClientAuthStatus(needSocket)
logger.info("Client auth (needSocket): ${needClientAuthStatus}")
- SslContextFactory.ClientAuth wantClientAuthStatus = CertificateUtils.getClientAuthStatus(wantSocket)
+ ClientAuth wantClientAuthStatus = CertificateUtils.getClientAuthStatus(wantSocket)
logger.info("Client auth (wantSocket): ${wantClientAuthStatus}")
- SslContextFactory.ClientAuth noneClientAuthStatus = CertificateUtils.getClientAuthStatus(noneSocket)
+ ClientAuth noneClientAuthStatus = CertificateUtils.getClientAuthStatus(noneSocket)
logger.info("Client auth (noneSocket): ${noneClientAuthStatus}")
// Assert
- assert needClientAuthStatus == SslContextFactory.ClientAuth.REQUIRED
- assert wantClientAuthStatus == SslContextFactory.ClientAuth.WANT
- assert noneClientAuthStatus == SslContextFactory.ClientAuth.NONE
+ assert needClientAuthStatus == ClientAuth.REQUIRED
+ assert wantClientAuthStatus == ClientAuth.WANT
+ assert noneClientAuthStatus == ClientAuth.NONE
}
@Test
@@ -614,58 +614,6 @@ class CertificateUtilsTest extends GroovyTestCase {
}
@Test
- void testShouldParseJavaVersion() {
- // Arrange
- def possibleVersions = ["1.5.0", "1.6.0", "1.7.0.123", "1.8.0.231", "9.0.1", "10.1.2", "11.2.3", "12.3.456"]
-
- // Act
- def majorVersions = possibleVersions.collect { String version ->
- logger.debug("Attempting to determine major version of ${version}")
- CertificateUtils.parseJavaVersion(version)
- }
- logger.info("Major versions: ${majorVersions}")
-
- // Assert
- assert majorVersions == (5..12)
- }
-
- @Test
- void testShouldGetCurrentSupportedTlsProtocolVersions() {
- // Arrange
- int javaMajorVersion = CertificateUtils.getJavaVersion()
- logger.debug("Running on Java version: ${javaMajorVersion}")
-
- // Act
- def tlsVersions = CertificateUtils.getCurrentSupportedTlsProtocolVersions()
- logger.info("Supported protocol versions for ${javaMajorVersion}: ${tlsVersions}")
-
- // Assert
- if (javaMajorVersion < 11) {
- assert tlsVersions == ["TLSv1.2"] as String[]
- } else {
- assert tlsVersions == ["TLSv1.3", "TLSv1.2"] as String[]
- }
- }
-
- @Test
- void testShouldGetMaxCurrentSupportedTlsProtocolVersion() {
- // Arrange
- int javaMajorVersion = CertificateUtils.getJavaVersion()
- logger.debug("Running on Java version: ${javaMajorVersion}")
-
- // Act
- def tlsVersion = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
- logger.info("Highest supported protocol version for ${javaMajorVersion}: ${tlsVersion}")
-
- // Assert
- if (javaMajorVersion < 11) {
- assert tlsVersion == "TLSv1.2"
- } else {
- assert tlsVersion == "TLSv1.3"
- }
- }
-
- @Test
void testGetExtensionsFromCSR() {
// Arrange
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA")
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
index cff92ff..68266ae 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
@@ -44,7 +44,7 @@ class SslContextFactoryTest extends GroovyTestCase {
private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
- private static final String PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
// The default TLS protocol versions for different Java versions
private static final List<String> JAVA_8_TLS_PROTOCOL_VERSIONS = ["TLSv1.2", "TLSv1.1", "TLSv1"]
@@ -75,7 +75,7 @@ class SslContextFactoryTest extends GroovyTestCase {
@Before
void setUp() {
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
}
@After
@@ -84,7 +84,7 @@ class SslContextFactoryTest extends GroovyTestCase {
}
static List<String> getCurrentTlsProtocolVersions() {
- if (CertificateUtils.getJavaVersion() < 11) {
+ if (TlsConfiguration.getJavaVersion() < 11) {
return JAVA_8_TLS_PROTOCOL_VERSIONS
} else {
return JAVA_11_TLS_PROTOCOL_VERSIONS
@@ -98,7 +98,7 @@ class SslContextFactoryTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -111,7 +111,7 @@ class SslContextFactoryTest extends GroovyTestCase {
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -137,11 +137,11 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEY_PASSWD): "",
]
NiFiProperties propertiesWithoutKeyPassword = NiFiProperties.createBasicNiFiProperties("", missingKeyPasswordProps)
- TlsConfiguration configWithoutKeyPassword = TlsConfiguration.fromNiFiProperties(propertiesWithoutKeyPassword)
+ TlsConfiguration configWithoutKeyPassword = StandardTlsConfiguration.fromNiFiProperties(propertiesWithoutKeyPassword)
logger.info("Creating SSL Context from TLS Configuration: ${configWithoutKeyPassword}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(configWithoutKeyPassword, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configWithoutKeyPassword, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -170,7 +170,7 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEYSTORE): "",
]
NiFiProperties propsNoKeystorePath = NiFiProperties.createBasicNiFiProperties("", missingKeystorePathProps)
- TlsConfiguration configNoKeystorePath = TlsConfiguration.fromNiFiProperties(propsNoKeystorePath)
+ TlsConfiguration configNoKeystorePath = StandardTlsConfiguration.fromNiFiProperties(propsNoKeystorePath)
logger.info("Creating SSL Context from TLS Configuration: ${configNoKeystorePath}")
Map missingTruststorePathProps = DEFAULT_PROPS + [
@@ -182,17 +182,17 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEYSTORE_TYPE) : "",
]
NiFiProperties propsNoTruststorePath = NiFiProperties.createBasicNiFiProperties("", missingTruststorePathProps)
- TlsConfiguration configNoTruststorePath = TlsConfiguration.fromNiFiProperties(propsNoTruststorePath)
+ TlsConfiguration configNoTruststorePath = StandardTlsConfiguration.fromNiFiProperties(propsNoTruststorePath)
logger.info("Creating SSL Context from TLS Configuration: ${configNoTruststorePath}")
// Act
def noKeystorePathMsg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(configNoKeystorePath, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoKeystorePath, ClientAuth.NONE)
logger.info("Created SSL Context missing keystore path: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
def noTruststorePathMsg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePath, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePath, ClientAuth.NONE)
logger.info("Created SSL Context missing truststore path: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
@@ -214,11 +214,11 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): "",
]
NiFiProperties propertiesNoTruststorePassword = NiFiProperties.createBasicNiFiProperties("", truststoreNoPasswordProps)
- TlsConfiguration configNoTruststorePassword = TlsConfiguration.fromNiFiProperties(propertiesNoTruststorePassword)
+ TlsConfiguration configNoTruststorePassword = StandardTlsConfiguration.fromNiFiProperties(propertiesNoTruststorePassword)
logger.info("Creating SSL Context from TLS Configuration: ${configNoTruststorePassword}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePassword, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePassword, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -246,12 +246,12 @@ class SslContextFactoryTest extends GroovyTestCase {
// Change the keystore to one with the same keystore and key password, but don't provide the key password
Map keystoreOnlyProps = DEFAULT_PROPS.findAll { k, v -> k.contains("keystore") }
NiFiProperties keystoreNiFiProperties = NiFiProperties.createBasicNiFiProperties("", keystoreOnlyProps)
- TlsConfiguration keystoreOnlyConfig = TlsConfiguration.fromNiFiProperties(keystoreNiFiProperties)
+ TlsConfiguration keystoreOnlyConfig = StandardTlsConfiguration.fromNiFiProperties(keystoreNiFiProperties)
logger.info("Creating SSL Context from TLS Configuration: ${keystoreOnlyConfig}")
// Act
def msg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(keystoreOnlyConfig, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(keystoreOnlyConfig, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
logger.expected(msg)
@@ -267,11 +267,11 @@ class SslContextFactoryTest extends GroovyTestCase {
@Test
void testCreateSslContextFromTlsConfigurationShouldHandleEmptyConfiguration() {
// Arrange
- TlsConfiguration emptyConfig = new TlsConfiguration()
+ TlsConfiguration emptyConfig = new StandardTlsConfiguration()
logger.info("Creating SSL Context from TLS Configuration: ${emptyConfig}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(emptyConfig, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(emptyConfig, ClientAuth.NONE)
// Assert
assert !sslContext
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
similarity index 74%
rename from nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
rename to nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
index 29ba36d..ec11713 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
@@ -31,8 +31,8 @@ import org.slf4j.LoggerFactory
import java.security.Security
@RunWith(JUnit4.class)
-class TlsConfigurationTest extends GroovyTestCase {
- private static final Logger logger = LoggerFactory.getLogger(TlsConfigurationTest.class)
+class StandardTlsConfigurationTest extends GroovyTestCase {
+ private static final Logger logger = LoggerFactory.getLogger(StandardTlsConfigurationTest.class)
private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks"
private static final String KEYSTORE_PASSWORD = "keystorepassword"
@@ -68,7 +68,7 @@ class TlsConfigurationTest extends GroovyTestCase {
@Before
void setUp() throws Exception {
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
}
@After
@@ -80,7 +80,7 @@ class TlsConfigurationTest extends GroovyTestCase {
// Arrange
// Act
- TlsConfiguration fromProperties = TlsConfiguration.fromNiFiProperties(mockNiFiProperties)
+ TlsConfiguration fromProperties = StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties)
logger.info("Created TlsConfiguration: ${fromProperties}")
// Assert
@@ -96,7 +96,7 @@ class TlsConfigurationTest extends GroovyTestCase {
])
// Act
- TlsConfiguration fromProperties = TlsConfiguration.fromNiFiProperties(noKeystoreTypesProps)
+ TlsConfiguration fromProperties = StandardTlsConfiguration.fromNiFiProperties(noKeystoreTypesProps)
logger.info("Created TlsConfiguration: ${fromProperties}")
// Assert
@@ -110,10 +110,10 @@ class TlsConfigurationTest extends GroovyTestCase {
TlsConfiguration withKeyPassword = tlsConfiguration
// A container where the keystore password is explicitly set as the key password as well
- TlsConfiguration withoutKeyPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration withoutKeyPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// A container where null is explicitly set as the key password
- TlsConfiguration withNullPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, null, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration withNullPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, null, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// Act
String actualKeyPassword = withKeyPassword.getKeyPassword()
@@ -139,8 +139,8 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldCheckKeystorePopulation() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration noKeystorePassword = new TlsConfiguration(KEYSTORE_PATH, "", KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration noKeystorePassword = new StandardTlsConfiguration(KEYSTORE_PATH, "", KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// Act
boolean normalIsPopulated = tlsConfiguration.isKeystorePopulated()
@@ -156,8 +156,8 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldCheckTruststorePopulation() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration noTruststorePassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, "", TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration noTruststorePassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, "", TRUSTSTORE_TYPE)
// Act
boolean normalIsPopulated = tlsConfiguration.isTruststorePopulated()
@@ -173,9 +173,9 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldValidateKeystoreConfiguration() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration wrongPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
- TlsConfiguration invalid = new TlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration wrongPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration invalid = new StandardTlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
// Act
boolean normalIsValid = tlsConfiguration.isKeystoreValid()
@@ -193,9 +193,9 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldValidateTruststoreConfiguration() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration wrongPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
- TlsConfiguration invalid = new TlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration wrongPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration invalid = new StandardTlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
// Act
boolean normalIsValid = tlsConfiguration.isTruststoreValid()
diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
index 7af6cce..421d6a6 100644
--- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
+++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
@@ -44,8 +44,8 @@ import org.apache.nifi.remote.exception.UnknownPortException;
import org.apache.nifi.remote.protocol.DataPacket;
import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
import org.apache.nifi.remote.protocol.http.HttpProxy;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
* <p>
@@ -919,7 +919,7 @@ public interface SiteToSiteClient extends Closeable {
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
- final SSLContext sslContext = SSLContext.getInstance(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ final SSLContext sslContext = SSLContext.getInstance(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
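Review bot: The context line `sslContext.getDefaultSSLParameters().setNeedClientAuth(true);` below the changed call has no lasting effect, because `getDefaultSSLParameters()` returns a copy of the context's defaults and the modified copy is discarded. Need-client-auth is also a server-side setting, so on this client context the line can be dropped or replaced by a comment such as `// the client certificate comes from the key managers; need-client-auth is enforced by the server`. Separately, the protocol name passed to `SSLContext.getInstance(...)` at most caps the highest version and may leave older ones enabled. If only the versions from `TlsConfiguration.getCurrentSupportedTlsProtocolVersions()` should be offered, they have to be set on the sockets or engines created from this context, as SocketUtils does in this commit. The enclosing method starts and ends outside the hunk.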
diff --git a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
index ab71c56..418bb81 100644
--- a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
+++ b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
@@ -65,7 +65,7 @@ import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
import org.apache.nifi.remote.protocol.http.HttpHeaders;
import org.apache.nifi.remote.protocol.http.HttpProxy;
import org.apache.nifi.remote.util.StandardDataPacket;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.web.api.dto.ControllerDTO;
import org.apache.nifi.web.api.dto.PortDTO;
@@ -100,7 +100,7 @@ import org.slf4j.LoggerFactory;
public class TestHttpClient {
- private static Logger logger = LoggerFactory.getLogger(TestHttpClient.class);
+ private static final Logger logger = LoggerFactory.getLogger(TestHttpClient.class);
private static Server server;
private static ServerConnector httpConnector;
@@ -457,7 +457,7 @@ public class TestHttpClient {
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
sslContextFactory.setKeyStorePassword("passwordpassword");
sslContextFactory.setKeyStoreType("JKS");
- sslContextFactory.setProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextFactory.setProtocol(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1");
httpConnector = new ServerConnector(server);
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
index d33a48a..2727d43 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
@@ -17,6 +17,7 @@
package org.apache.nifi.io.socket;
import javax.net.ssl.SSLContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
@@ -34,7 +35,7 @@ public final class ServerSocketConfiguration {
public SSLContext createSSLContext() throws TlsException {
// ClientAuth was hardcoded to REQUIRED in removed SSLContextFactory and overridden in SocketUtils when the socket is created
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
}
public void setTlsConfiguration(final TlsConfiguration tlsConfiguration) {
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
index 88709f5..8c76f45 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
@@ -17,6 +17,7 @@
package org.apache.nifi.io.socket;
import javax.net.ssl.SSLContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
@@ -35,7 +36,7 @@ public final class SocketConfiguration {
public SSLContext createSSLContext() throws TlsException {
// This is only used for client sockets, so the client auth setting is ignored
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE);
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE);
}
public void setTlsConfiguration(final TlsConfiguration tlsConfiguration) {
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
index 453cbb2..43556a7 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
@@ -24,7 +24,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,7 +66,7 @@ public final class SocketUtils {
Socket tempSocket = sslContext.getSocketFactory().createSocket(address.getHostName(), address.getPort());
final SSLSocket sslSocket = (SSLSocket) tempSocket;
// Enforce custom protocols on socket
- sslSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ sslSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
socket = sslSocket;
}
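Review bot: Nothing in the visible lines of this client-socket path enables hostname verification. An `SSLSocket` from `SSLSocketFactory.createSocket(host, port)` validates the certificate chain against the trust managers, but it does not check the peer name unless an endpoint identification algorithm is set. If that is not done elsewhere in the method (it continues outside the hunk), it could be set next to the protocol restriction: `SSLParameters p = sslSocket.getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); sslSocket.setSSLParameters(p);`. The server-socket hunk further down is not affected by this point.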
@@ -129,7 +129,7 @@ public final class SocketUtils {
final SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
sslServerSocket.setNeedClientAuth(config.getNeedClientAuth());
// Enforce custom protocols on socket
- sslServerSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ sslServerSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
}
if (config.getSocketTimeout() != null) {
diff --git a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
index b0a62c8..9b35109 100644
--- a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
+++ b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
@@ -16,8 +16,9 @@
*/
package org.apache.nifi.io.socket
-import org.apache.nifi.security.util.CertificateUtils
+
import org.apache.nifi.security.util.KeystoreType
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -46,7 +47,7 @@ class SocketUtilsTest extends GroovyTestCase {
private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
- private static final String PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
private static final Map<String, String> DEFAULT_PROPS = [
(NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
@@ -61,8 +62,8 @@ class SocketUtilsTest extends GroovyTestCase {
private NiFiProperties mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, DEFAULT_PROPS)
// A static TlsConfiguration referencing the test resource keystore and truststore
-// private static final TlsConfiguration TLS_CONFIGURATION = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
-// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, SslContextFactory.ClientAuth.NONE)
+// private static final TlsConfiguration TLS_CONFIGURATION = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
+// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, ClientAuth.NONE)
@BeforeClass
static void setUpOnce() throws Exception {
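Review bot: The two changed lines are commented-out declarations (`TLS_CONFIGURATION` and `sslContext`) that the commit renames in place instead of removing. Dead code kept in comments drifts from the API: the second line now refers to `ClientAuth`, which is not among the imports visible in this file's first hunk, so uncommenting it would presumably not compile as written. Deleting both lines, together with the `// A static TlsConfiguration referencing the test resource keystore and truststore` comment above them, would be cleaner.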
@@ -87,7 +88,7 @@ class SocketUtilsTest extends GroovyTestCase {
void testCreateSSLServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(mockNiFiProperties))
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)
@@ -96,7 +97,7 @@ class SocketUtilsTest extends GroovyTestCase {
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
- assert enabledProtocols == CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ assert enabledProtocols == TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
assert !enabledProtocols.contains("TLSv1")
assert !enabledProtocols.contains("TLSv1.1")
}
@@ -105,7 +106,7 @@ class SocketUtilsTest extends GroovyTestCase {
void testCreateServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(mockNiFiProperties))
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration) as SSLServerSocket
@@ -114,7 +115,7 @@ class SocketUtilsTest extends GroovyTestCase {
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
- assert enabledProtocols == CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ assert enabledProtocols == TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
assert !enabledProtocols.contains("TLSv1")
assert !enabledProtocols.contains("TLSv1.1")
}
diff --git a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
index fbf76bc..0867bb9 100644
--- a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
+++ b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
@@ -16,18 +16,14 @@
*/
package org.apache.nifi.util.file.classloader;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.xml.bind.DatatypeConverter;
import java.io.File;
import java.io.FilenameFilter;
-import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
+import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -37,6 +33,9 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
+import javax.xml.bind.DatatypeConverter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class ClassLoaderUtils {
@@ -149,11 +148,11 @@ public class ClassLoaderUtils {
listOfUrls.forEach(url -> {
urlBuffer.append(url).append("-").append(getLastModified(url)).append(";");
});
- byte[] bytesOfAdditionalUrls = urlBuffer.toString().getBytes("UTF-8");
+ byte[] bytesOfAdditionalUrls = urlBuffer.toString().getBytes(StandardCharsets.UTF_8);
byte[] bytesOfDigest = md.digest(bytesOfAdditionalUrls);
return DatatypeConverter.printHexBinary(bytesOfDigest);
- } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
+ } catch (NoSuchAlgorithmException e) {
LOGGER.error("Unable to generate fingerprint for the provided additional resources {}", new Object[]{urls, e});
return null;
}
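Review bot: With `UnsupportedEncodingException` gone, the remaining failure path in this catch still logs and returns `null`, so any caller that compares or concatenates the fingerprint needs a null check. The method's Javadoc, which would sit outside this hunk, should state that contract, for example `@return hex digest of the URL list, or null if the digest algorithm is unavailable`. As a style point, the logging call can pass its arguments directly, `LOGGER.error("Unable to generate fingerprint for the provided additional resources {}", urls, e);`, instead of wrapping them in `new Object[]{urls, e}`. The method starts outside the hunk, so the digest algorithm behind `md` is not visible here.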
diff --git a/nifi-commons/pom.xml b/nifi-commons/pom.xml
index 4d618ce..b9efb53 100644
--- a/nifi-commons/pom.xml
+++ b/nifi-commons/pom.xml
@@ -37,6 +37,7 @@
<module>nifi-record-path</module>
<module>nifi-rocksdb-utils</module>
<module>nifi-schema-utils</module>
+ <module>nifi-security-utils-api</module>
<module>nifi-security-utils</module>
<module>nifi-site-to-site-client</module>
<module>nifi-socket-utils</module>
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
index c845aae..60c6ad2 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.03 [...]
+<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square"
+ stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.036745l214.99213 0l0 34.3937l-214.99213 0z" fill-rule="evenodd"></path><path fill="#000000" d="m96.05463 37.396748l0 -11.453127l1.40625 0l0 [...]
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
index 47e3284..5ebc23a 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.03 [...]
+<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square"
+ stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.036745l214.99213 0l0 34.3937l-214.99213 0z" fill-rule="evenodd"></path><path fill="#000000" d="m96.05463 37.396748l0 -11.453127l1.40625 0l0 [...]
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
index 2f68e08..7446504 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square" stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.03 [...]
+<svg version="1.1" viewBox="0.0 0.0 800.0 450.0" fill="none" stroke="none" stroke-linecap="square"
+ stroke-miterlimit="10" xmlns="http://www.w3.org/2000/svg"><clipPath id="p.0"><path d="m0 0l800.0 0l0 600.0l-800.0 0l0 -600.0z" clip-rule="nonzero"></path></clipPath><g clip-path="url(#p.0)"><path fill="#000000" fill-opacity="0.0" d="m0 0l800.0 0l0 600.0l-800.0 0z" fill-rule="evenodd"></path><path fill="#000000" fill-opacity="0.0" d="m85.99213 13.036745l214.99213 0l0 34.3937l-214.99213 0z" fill-rule="evenodd"></path><path fill="#000000" d="m96.05463 37.396748l0 -11.453127l1.40625 0l0 [...]
diff --git a/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java b/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
index 30e6bd1..e1d8321 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
@@ -23,7 +23,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.events.EventReporter;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
index 81ad988..f124326 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
@@ -21,7 +21,6 @@ import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
-
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
@@ -120,7 +119,7 @@ public class MockStateManager implements StateManager {
@Override
public synchronized void clear(final Scope scope) throws IOException {
verifyAnnotation(scope);
- setState(Collections.<String, String> emptyMap(), scope);
+ setState(Collections.emptyMap(), scope);
}
private void verifyCanSet(final Scope scope) throws IOException {
diff --git a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
index cfce467..3956ff5 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
@@ -20,7 +20,6 @@ package org.apache.nifi.state;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
-
import org.apache.nifi.components.state.StateMap;
public class MockStateMap implements StateMap {
@@ -28,7 +27,7 @@ public class MockStateMap implements StateMap {
private final long version;
public MockStateMap(final Map<String, String> stateValues, final long version) {
- this.stateValues = stateValues == null ? Collections.<String, String> emptyMap() : new HashMap<>(stateValues);
+ this.stateValues = stateValues == null ? Collections.emptyMap() : new HashMap<>(stateValues);
this.version = version;
}
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java b/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
index a289eaa..5b4a58c 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
@@ -3,7 +3,6 @@ package org.apache.nifi.util;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-
import org.slf4j.Logger;
import org.slf4j.Marker;
import org.slf4j.helpers.MessageFormatter;
@@ -33,11 +32,11 @@ public class CapturingLogger implements Logger {
private final Logger logger;
- private List<LogMessage> traceMessages = new ArrayList<>();
- private List<LogMessage> debugMessages = new ArrayList<>();
- private List<LogMessage> infoMessages = new ArrayList<>();
- private List<LogMessage> warnMessages = new ArrayList<>();
- private List<LogMessage> errorMessages = new ArrayList<>();
+ private final List<LogMessage> traceMessages = new ArrayList<>();
+ private final List<LogMessage> debugMessages = new ArrayList<>();
+ private final List<LogMessage> infoMessages = new ArrayList<>();
+ private final List<LogMessage> warnMessages = new ArrayList<>();
+ private final List<LogMessage> errorMessages = new ArrayList<>();
public CapturingLogger(final Logger logger) {
this.logger = logger;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java b/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
index bd623ca..e23e99a 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
@@ -20,7 +20,6 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.ControllerService;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
index a52853a..89a0cf9 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.util;
+import java.util.List;
import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinQuery;
import org.apache.nifi.reporting.BulletinRepository;
-import java.util.List;
-
public class MockBulletinRepository implements BulletinRepository {
@Override
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
index e58cf50..4bb655e 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
@@ -17,7 +17,6 @@
package org.apache.nifi.util;
import java.util.List;
-
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.logging.LogLevel;
import org.slf4j.Logger;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
index 307f474..4e68366 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
@@ -20,7 +20,6 @@ import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.controller.ConfigurationContext;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
index 021bdc2..79cb961 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.util;
+import java.io.File;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceInitializationContext;
@@ -25,8 +26,6 @@ import org.apache.nifi.kerberos.KerberosContext;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.state.MockStateManager;
-import java.io.File;
-
public class MockControllerServiceInitializationContext extends MockControllerServiceLookup implements ControllerServiceInitializationContext, ControllerServiceLookup, NodeTypeProvider {
private final String identifier;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
index ec7b179..5bec0ce 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
@@ -20,7 +20,6 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
-
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
index 38d1619..b6cd7ad 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
@@ -21,7 +21,6 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.action.Action;
import org.apache.nifi.controller.status.ProcessGroupStatus;
import org.apache.nifi.provenance.ProvenanceEventRecord;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
index 0c6ec2a..2abcc4f 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
@@ -22,7 +22,6 @@ import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
-
import org.apache.nifi.controller.queue.QueueSize;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
index 480eab8..fa77ca3 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
@@ -16,9 +16,8 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.kerberos.KerberosContext;
-
import java.io.File;
+import org.apache.nifi.kerberos.KerberosContext;
public class MockKerberosContext implements KerberosContext {
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
index e850bc8..ffc2711 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
@@ -16,6 +16,18 @@
*/
package org.apache.nifi.util;
+import static java.util.Objects.requireNonNull;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
@@ -36,19 +48,6 @@ import org.apache.nifi.scheduling.ExecutionNode;
import org.apache.nifi.state.MockStateManager;
import org.junit.Assert;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-
-import static java.util.Objects.requireNonNull;
-
public class MockProcessContext extends MockControllerServiceLookup implements ProcessContext, ControllerServiceLookup, NodeTypeProvider {
private final ConfigurableComponent component;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
index fe9faf9..dd56b6c 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
@@ -16,22 +16,6 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.controller.queue.QueueSize;
-import org.apache.nifi.flowfile.FlowFile;
-import org.apache.nifi.flowfile.attributes.CoreAttributes;
-import org.apache.nifi.processor.FlowFileFilter;
-import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.Relationship;
-import org.apache.nifi.processor.exception.FlowFileAccessException;
-import org.apache.nifi.processor.exception.FlowFileHandlingException;
-import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.processor.io.InputStreamCallback;
-import org.apache.nifi.processor.io.OutputStreamCallback;
-import org.apache.nifi.processor.io.StreamCallback;
-import org.apache.nifi.provenance.ProvenanceReporter;
-import org.junit.Assert;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
@@ -58,6 +42,21 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
+import org.apache.nifi.controller.queue.QueueSize;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.processor.FlowFileFilter;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.Processor;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.exception.FlowFileAccessException;
+import org.apache.nifi.processor.exception.FlowFileHandlingException;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processor.io.InputStreamCallback;
+import org.apache.nifi.processor.io.OutputStreamCallback;
+import org.apache.nifi.processor.io.StreamCallback;
+import org.apache.nifi.provenance.ProvenanceReporter;
+import org.junit.Assert;
public class MockProcessSession implements ProcessSession {
@@ -1357,10 +1356,6 @@ public class MockProcessSession implements ProcessSession {
final String curUuid = curFlowFile.getAttribute(CoreAttributes.UUID.key());
final String providedUuid = curFlowFile.getAttribute(CoreAttributes.UUID.key());
- if (!curUuid.equals(providedUuid)) {
- return false;
- }
-
- return true;
+ return curUuid.equals(providedUuid);
}
}
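Review bot: `providedUuid` is read from `curFlowFile`, the same object that supplies `curUuid`, so `curUuid.equals(providedUuid)` is true whenever the attribute is present, and this check can never reject a mismatched FlowFile. The simplified return keeps that behaviour. The second lookup presumably should read from the FlowFile passed in by the caller, whose name is outside this hunk, along the lines of `final String providedUuid = <providedFlowFile>.getAttribute(CoreAttributes.UUID.key());`. A null-safe comparison would also avoid a NullPointerException when the UUID attribute is missing. The enclosing method begins outside the hunk.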
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
index d48fc3d..2ac2b73 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
@@ -19,7 +19,6 @@ package org.apache.nifi.util;
import java.io.File;
import java.util.Set;
import java.util.UUID;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
index 5c4647d..6f110b2 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
@@ -16,13 +16,12 @@
*/
package org.apache.nifi.util;
+import java.util.LinkedHashMap;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.context.PropertyContext;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
public class MockPropertyContext implements PropertyContext {
private final Map<PropertyDescriptor, String> properties;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
index 209559b..9b7d72b 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
@@ -16,8 +16,11 @@
*/
package org.apache.nifi.util;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
import org.apache.nifi.annotation.behavior.InputRequirement;
-import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
import org.apache.nifi.attribute.expression.language.StandardPropertyValue;
@@ -28,15 +31,11 @@ import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.expression.AttributeValueDecorator;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.registry.VariableRegistry;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
public class MockPropertyValue implements PropertyValue {
private final String rawValue;
private final Boolean expectExpressions;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
index 37a6393..55e3a81 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
@@ -20,7 +20,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.FlowFileHandlingException;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
index b9e23c3..5a0fd84 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
@@ -22,7 +22,6 @@ import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
index d1b8e5c..4b74acc 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
@@ -20,7 +20,6 @@ import java.io.File;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
index 010cc97..9b6b78f 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
@@ -19,7 +19,6 @@ package org.apache.nifi.util;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
-
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Processor;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
index e913204..d4a198b 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
@@ -16,8 +16,13 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.parameter.ExpressionLanguageAgnosticParameterParser;
-import org.apache.nifi.parameter.ParameterLookup;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
import org.apache.nifi.attribute.expression.language.StandardExpressionLanguageCompiler;
@@ -28,19 +33,13 @@ import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.expression.ExpressionLanguageCompiler;
+import org.apache.nifi.parameter.ExpressionLanguageAgnosticParameterParser;
+import org.apache.nifi.parameter.ExpressionLanguageAwareParameterParser;
+import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.parameter.ParameterParser;
import org.apache.nifi.parameter.ParameterReference;
-import org.apache.nifi.parameter.ExpressionLanguageAwareParameterParser;
import org.apache.nifi.registry.VariableRegistry;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-
public class MockValidationContext extends MockControllerServiceLookup implements ValidationContext, ControllerServiceLookup {
private final MockProcessContext context;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
index c782b4f..027baa1 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
@@ -20,7 +20,6 @@ package org.apache.nifi.util;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
-
import org.apache.nifi.registry.VariableDescriptor;
import org.apache.nifi.registry.VariableRegistry;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java b/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
index 994735b..f9ff0c9 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
@@ -25,7 +25,6 @@ import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.processor.Processor;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceReporter;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java b/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
index 2977916..c2db427 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
@@ -16,6 +16,33 @@
*/
package org.apache.nifi.util;
+import static java.util.Objects.requireNonNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Predicate;
import org.apache.nifi.annotation.behavior.TriggerSerially;
import org.apache.nifi.annotation.lifecycle.OnAdded;
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
@@ -46,34 +73,6 @@ import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.state.MockStateManager;
import org.junit.Assert;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-import java.util.concurrent.Callable;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
-import java.util.function.Predicate;
-
-import static java.util.Objects.requireNonNull;
-
public class StandardProcessorTestRunner implements TestRunner {
private final Processor processor;
@@ -419,7 +418,7 @@ public class StandardProcessorTestRunner implements TestRunner {
@Override
public MockFlowFile enqueue(final String data) {
- return enqueue(data.getBytes(StandardCharsets.UTF_8), Collections.<String, String> emptyMap());
+ return enqueue(data.getBytes(StandardCharsets.UTF_8), Collections.emptyMap());
}
@Override
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java b/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
index ce5a837..23e5ebb 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
@@ -16,6 +16,12 @@
*/
package org.apache.nifi.util;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationResult;
@@ -31,13 +37,6 @@ import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.state.MockStateManager;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Path;
-import java.util.List;
-import java.util.Map;
-import java.util.function.Predicate;
-
public interface TestRunner {
/**
@@ -907,7 +906,7 @@ public interface TestRunner {
* Returns the {@link MockComponentLog} that is used by the Processor under test.
* @return the logger
*/
- public MockComponentLog getLogger();
+ MockComponentLog getLogger();
/**
* Returns the {@link MockComponentLog} that is used by the specified controller service.
@@ -915,7 +914,7 @@ public interface TestRunner {
* @param identifier a controller service identifier
* @return the logger
*/
- public MockComponentLog getControllerServiceLogger(final String identifier);
+ MockComponentLog getControllerServiceLogger(final String identifier);
/**
* @return the State Manager that is used to stored and retrieve state
diff --git a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
index f1137ed..f83db9f 100644
--- a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
+++ b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
@@ -25,7 +25,6 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
index 6ba99c7..bf4c6e6 100644
--- a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
+++ b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
@@ -25,7 +25,6 @@ import java.io.InputStream;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
index c947b7a..642aa1b 100644
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
@@ -19,6 +19,7 @@ package org.apache.nifi.amqp.processors;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.DefaultSaslConfig;
+import com.rabbitmq.client.impl.DefaultExceptionHandler;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -28,8 +29,6 @@ import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.LinkedBlockingQueue;
import javax.net.ssl.SSLContext;
-
-import com.rabbitmq.client.impl.DefaultExceptionHandler;
import org.apache.commons.lang3.concurrent.BasicThreadFactory;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
@@ -42,7 +41,7 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@@ -121,7 +120,7 @@ abstract class AbstractAMQPProcessor<T extends AMQPWorker> extends AbstractProce
.displayName("Client Auth")
.description("The property has no effect and therefore deprecated.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("NONE")
.build();
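Review bot: The default on the `Client Auth` descriptor is still the string literal `.defaultValue("NONE")` while the allowable values now come from `ClientAuth.values()`, so the default and the enum can drift apart if a constant is ever renamed. Writing `.defaultValue(ClientAuth.NONE.name())` ties the default to the enum, as the ListenBeats hunk in this commit already does with `ClientAuth.REQUIRED.name()`. The same literal appears as `.defaultValue("REQUIRED")` in the AbstractCassandraProcessor and CassandraSessionProvider descriptor hunks. The descriptor's builder chain starts outside this hunk.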
@@ -299,7 +298,7 @@ abstract class AbstractAMQPProcessor<T extends AMQPWorker> extends AbstractProce
final Boolean useCertAuthentication = context.getProperty(USE_CERT_AUTHENTICATION).asBoolean();
if (sslService != null) {
- final SSLContext sslContext = sslService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslService.createSSLContext(ClientAuth.NONE);
cf.useSslProtocol(sslContext);
if (useCertAuthentication) {
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
index d56d9ee..f6bed47 100644
--- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
+++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
@@ -58,7 +58,7 @@ import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import org.apache.nifi.proxy.ProxyConfiguration;
import org.apache.nifi.proxy.ProxySpec;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
/**
@@ -227,7 +227,7 @@ public abstract class AbstractAWSProcessor<ClientType extends AmazonWebServiceCl
if(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE);
// NIFI-3788: Changed hostnameVerifier from null to DHV (BrowserCompatibleHostnameVerifier is deprecated)
SdkTLSSocketFactory sdkTLSSocketFactory = new SdkTLSSocketFactory(sslContext, new DefaultHostnameVerifier());
config.getApacheHttpClientConfig().setSslSocketFactory(sdkTLSSocketFactory);
diff --git a/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java b/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
index 5509318..eab3e76 100644
--- a/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
+++ b/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
@@ -57,7 +57,7 @@ import org.apache.nifi.processors.beats.frame.BeatsEncoder;
import org.apache.nifi.processors.beats.handler.BeatsSocketChannelHandlerFactory;
import org.apache.nifi.processors.beats.response.BeatsChannelResponse;
import org.apache.nifi.processors.beats.response.BeatsResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -90,8 +90,8 @@ public class ListenBeats extends AbstractListenEventBatchingProcessor<BeatsEvent
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
@Override
@@ -151,12 +151,12 @@ public class ListenBeats extends AbstractListenEventBatchingProcessor<BeatsEvent
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
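Review bot: `ClientAuth.valueOf(clientAuthValue)` is evaluated twice inside the `sslContextService != null` branch, once for `createSSLContext` and once for the local `clientAuth`. Parsing once makes it explicit that the policy handed to the SSL context and the one kept in `clientAuth` are the same value. Suggested order: `clientAuth = ClientAuth.valueOf(clientAuthValue);` followed by `sslContext = sslContextService.createSSLContext(clientAuth);`. The enclosing method starts and ends outside this hunk, so where `clientAuth` is used afterwards is not visible here.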
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
index 897f1b8..4221e09 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
@@ -52,7 +52,7 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
/**
@@ -107,7 +107,7 @@ public abstract class AbstractCassandraProcessor extends AbstractProcessor {
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
@@ -256,16 +256,16 @@ public abstract class AbstractCassandraProcessor extends AbstractProcessor {
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new IllegalStateException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
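Review bot: The `catch (final IllegalArgumentException iae)` block throws a new `IllegalStateException` without passing `iae`, so the original stack trace is lost when an unrecognised client-auth value is configured. Pass it as the cause by ending the call with `rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")), iae);`. The CassandraSessionProvider hunk further down has the same shape with `ProviderCreationException`; the same change applies there if that exception type offers a (message, cause) constructor, which this page does not show. The enclosing method continues outside the hunk.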
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services/src/main/java/org/apache/nifi/service/CassandraSessionProvider.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services/src/main/java/org/apache/nifi/service/CassandraSessionProvider.java
index 89b1924..4facfed 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services/src/main/java/org/apache/nifi/service/CassandraSessionProvider.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-services/src/main/java/org/apache/nifi/service/CassandraSessionProvider.java
@@ -22,12 +22,12 @@ import com.datastax.driver.core.JdkSSLOptions;
import com.datastax.driver.core.Metadata;
import com.datastax.driver.core.ProtocolOptions;
import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SocketOptions;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
-import com.datastax.driver.core.SocketOptions;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
@@ -44,7 +44,7 @@ import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@Tags({"cassandra", "dbcp", "database", "connection", "pooling"})
@@ -89,7 +89,7 @@ public class CassandraSessionProvider extends AbstractControllerService implemen
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
@@ -223,15 +223,15 @@ public class CassandraSessionProvider extends AbstractControllerService implemen
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = sslService.createSSLContext(clientAuth);
diff --git a/nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java b/nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
index e0db13f..cbf0fce 100644
--- a/nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
+++ b/nifi-nar-bundles/nifi-confluent-platform-bundle/nifi-confluent-schema-registry-service/src/main/java/org/apache/nifi/confluent/schemaregistry/ConfluentSchemaRegistry.java
@@ -47,7 +47,7 @@ import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.schema.access.SchemaField;
import org.apache.nifi.schema.access.SchemaNotFoundException;
import org.apache.nifi.schemaregistry.services.SchemaRegistry;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.record.RecordSchema;
import org.apache.nifi.serialization.record.SchemaIdentifier;
import org.apache.nifi.ssl.SSLContextService;
diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
index aa0aa3f..f58812a 100644
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
@@ -50,7 +50,7 @@ import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StopWatch;
import org.apache.nifi.util.StringUtils;
@@ -59,7 +59,7 @@ import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
public class ElasticSearchClientServiceImpl extends AbstractControllerService implements ElasticSearchClientService {
- private ObjectMapper mapper = new ObjectMapper();
+ private final ObjectMapper mapper = new ObjectMapper();
static final private List<PropertyDescriptor> properties;
@@ -126,7 +126,7 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im
final SSLContext sslContext;
try {
sslContext = (sslService != null && (sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured()))
- ? sslService.createSSLContext(SslContextFactory.ClientAuth.NONE) : null;
+ ? sslService.createSSLContext(ClientAuth.NONE) : null;
} catch (Exception e) {
getLogger().error("Error building up SSL Context from the supplied configuration.", e);
throw new InitializationException(e);
diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
index b443fd4..4d4c27f 100644
--- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
+++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
@@ -49,7 +49,7 @@ import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.email.smtp.SmtpConsumer;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.springframework.util.StringUtils;
@@ -133,7 +133,7 @@ public class ListenSMTP extends AbstractSessionFactoryProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.NONE.name(), SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.NONE.name(), ClientAuth.REQUIRED.name())
.build();
protected static final PropertyDescriptor SMTP_HOSTNAME = new PropertyDescriptor.Builder()
@@ -249,12 +249,12 @@ public class ListenSMTP extends AbstractSessionFactoryProcessor {
public SSLSocket createSSLSocket(Socket socket) throws IOException {
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
String clientAuth = context.getProperty(CLIENT_AUTH).getValue();
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuth));
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuth));
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) (socketFactory.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
sslSocket.setUseClientMode(false);
- if (SslContextFactory.ClientAuth.REQUIRED.toString().equals(clientAuth)) {
+ if (ClientAuth.REQUIRED.toString().equals(clientAuth)) {
this.setRequireTLS(true);
sslSocket.setNeedClientAuth(true);
}
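Review bot: In `createSSLSocket` the enforcement check compares the property against `ClientAuth.REQUIRED.toString()`, while the descriptor hunk above registers the allowable values with `ClientAuth.NONE.name()` and `ClientAuth.REQUIRED.name()`. The two agree only while the enum does not override `toString()` (its definition is not part of this hunk); if they differ, `setRequireTLS(true)` and `setNeedClientAuth(true)` are silently skipped for a listener configured as REQUIRED. Parsing once and comparing constants removes that dependency: `final ClientAuth clientAuthPolicy = ClientAuth.valueOf(clientAuth);` then `if (clientAuthPolicy == ClientAuth.REQUIRED) {`. The descriptor hunk also shows no default value, so `valueOf` receives null unless validation elsewhere requires the property whenever an SSL Context Service is set.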
diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
index 2e6c783..7138bcf 100644
--- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
+++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
@@ -19,22 +19,19 @@ package org.apache.nifi.processors.email;
import static org.junit.Assert.assertTrue;
import java.util.Properties;
-
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
-
import org.apache.nifi.remote.io.socket.NetworkUtils;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
-
import org.junit.Test;
public class TestListenSMTP {
@@ -98,7 +95,7 @@ public class TestListenSMTP {
// and add the SSL context to the runner
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, "ssl-context");
- runner.setProperty(ListenSMTP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenSMTP.CLIENT_AUTH, ClientAuth.NONE.name());
runner.assertValid();
runner.run(1, false);
diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java b/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
index 9f73b28..d0be256 100644
--- a/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
+++ b/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
@@ -16,16 +16,6 @@
*/
package org.apache.nifi.processor.util.listen.dispatcher;
-import org.apache.commons.io.IOUtils;
-import org.apache.nifi.logging.ComponentLog;
-import org.apache.nifi.processor.util.listen.event.Event;
-import org.apache.nifi.processor.util.listen.event.EventFactory;
-import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
-import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
-import org.apache.nifi.security.util.SslContextFactory;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
@@ -44,6 +34,15 @@ import java.util.concurrent.Executors;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import org.apache.commons.io.IOUtils;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.util.listen.event.Event;
+import org.apache.nifi.processor.util.listen.event.EventFactory;
+import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
+import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
+import org.apache.nifi.security.util.ClientAuth;
/**
* Accepts Socket connections on the given port and creates a handler for each connection to
@@ -58,7 +57,7 @@ public class SocketChannelDispatcher<E extends Event<SocketChannel>> implements
private final ComponentLog logger;
private final int maxConnections;
private final SSLContext sslContext;
- private final SslContextFactory.ClientAuth clientAuth;
+ private final ClientAuth clientAuth;
private final Charset charset;
private ExecutorService executor;
@@ -75,7 +74,7 @@ public class SocketChannelDispatcher<E extends Event<SocketChannel>> implements
final int maxConnections,
final SSLContext sslContext,
final Charset charset) {
- this(eventFactory, handlerFactory, bufferPool, events, logger, maxConnections, sslContext, SslContextFactory.ClientAuth.REQUIRED, charset);
+ this(eventFactory, handlerFactory, bufferPool, events, logger, maxConnections, sslContext, ClientAuth.REQUIRED, charset);
}
public SocketChannelDispatcher(final EventFactory<E> eventFactory,
@@ -85,7 +84,7 @@ public class SocketChannelDispatcher<E extends Event<SocketChannel>> implements
final ComponentLog logger,
final int maxConnections,
final SSLContext sslContext,
- final SslContextFactory.ClientAuth clientAuth,
+ final ClientAuth clientAuth,
final Charset charset) {
this.eventFactory = eventFactory;
this.handlerFactory = handlerFactory;
diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java b/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
index 2e6ecc2..2c7c93a 100644
--- a/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
+++ b/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
@@ -16,13 +16,6 @@
*/
package org.apache.nifi.record.listen;
-import org.apache.nifi.logging.ComponentLog;
-import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
-import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.serialization.RecordReaderFactory;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import java.io.Closeable;
import java.net.SocketAddress;
import java.net.StandardSocketOptions;
@@ -30,6 +23,12 @@ import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
+import org.apache.nifi.security.util.ClientAuth;
+import org.apache.nifi.serialization.RecordReaderFactory;
/**
* Accepts connections on the given ServerSocketChannel and dispatches a SocketChannelRecordReader for processing.
@@ -38,7 +37,7 @@ public class SocketChannelRecordReaderDispatcher implements Runnable, Closeable
private final ServerSocketChannel serverSocketChannel;
private final SSLContext sslContext;
- private final SslContextFactory.ClientAuth clientAuth;
+ private final ClientAuth clientAuth;
private final int socketReadTimeout;
private final int receiveBufferSize;
private final int maxConnections;
@@ -52,7 +51,7 @@ public class SocketChannelRecordReaderDispatcher implements Runnable, Closeable
public SocketChannelRecordReaderDispatcher(final ServerSocketChannel serverSocketChannel,
final SSLContext sslContext,
- final SslContextFactory.ClientAuth clientAuth,
+ final ClientAuth clientAuth,
final int socketReadTimeout,
final int receiveBufferSize,
final int maxConnections,
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
index 55c9198..44e4bbd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
@@ -53,6 +53,12 @@
<artifactId>nifi-stateless</artifactId>
<version>1.12.1-SNAPSHOT</version>
</dependency>
+ <!-- Override scope to compile since framework NAR won't get this from a parent NAR -->
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
<!-- mark these nifi artifacts as provided since it is included in the lib -->
<dependency>
@@ -75,6 +81,6 @@
<artifactId>nifi-properties</artifactId>
<scope>provided</scope>
</dependency>
-
+
</dependencies>
</project>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
index ebbeeee..2e525a0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
@@ -84,7 +84,7 @@
<configuration>
<excludes>**/authorization/file/generated/*.java,**/authorization/file/tenants/generated/*.java,**/user/generated/*.java</excludes>
</configuration>
- </plugin>
+ </plugin>
</plugins>
</build>
<profiles>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
index b7de635..c76cb4c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
@@ -18,7 +18,7 @@ package org.apache.nifi.cluster.protocol.spring;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.io.socket.ServerSocketConfiguration;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.springframework.beans.factory.FactoryBean;
@@ -44,7 +44,7 @@ public class ServerSocketConfigurationFactoryBean implements FactoryBean<ServerS
// If the cluster protocol is marked as secure
if (Boolean.parseBoolean(properties.getProperty(NiFiProperties.CLUSTER_PROTOCOL_IS_SECURE))) {
// Parse the TLS configuration from the properties
- configuration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(properties));
+ configuration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(properties));
}
}
return configuration;
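Review bot: The TLS branch is gated on `Boolean.parseBoolean(properties.getProperty(NiFiProperties.CLUSTER_PROTOCOL_IS_SECURE))`, which returns false for null and for any value other than "true", so a mistyped setting leaves the cluster protocol socket without a TLS configuration and without any message. A warn-level log line when the property is present but is neither "true" nor "false" would make that misconfiguration visible; whether NiFiProperties validates the value earlier cannot be seen from this hunk. The SocketConfigurationFactoryBean hunk below has the identical gate. The enclosing method starts outside the hunk.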
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
index 5458f1e..1d134d7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
@@ -18,7 +18,7 @@ package org.apache.nifi.cluster.protocol.spring;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.io.socket.SocketConfiguration;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.springframework.beans.factory.FactoryBean;
@@ -44,7 +44,7 @@ public class SocketConfigurationFactoryBean implements FactoryBean<SocketConfigu
// If the cluster protocol is marked as secure
if (Boolean.parseBoolean(properties.getProperty(NiFiProperties.CLUSTER_PROTOCOL_IS_SECURE))) {
// Parse the TLS configuration from the properties
- configuration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(properties));
+ configuration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(properties));
}
}
return configuration;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
index 6f88b37..e8506bd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
@@ -54,6 +54,7 @@ import org.apache.nifi.cluster.coordination.http.replication.HttpReplicationClie
import org.apache.nifi.cluster.coordination.http.replication.PreparedRequest;
import org.apache.nifi.remote.protocol.http.HttpHeaders;
import org.apache.nifi.security.util.OkHttpClientUtils;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stream.io.GZIPOutputStream;
import org.apache.nifi.util.FormatUtils;
@@ -62,8 +63,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StreamUtils;
-// Using static imports because of the name conflict:
-
public class OkHttpReplicationClient implements HttpReplicationClient {
private static final Logger logger = LoggerFactory.getLogger(OkHttpReplicationClient.class);
private static final Set<String> gzipEncodings = Stream.of("gzip", "x-gzip").collect(Collectors.toSet());
@@ -318,7 +317,7 @@ public class OkHttpReplicationClient implements HttpReplicationClient {
// Apply the TLS configuration, if present
try {
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(properties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
tlsConfigured = OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClientBuilder);
} catch (Exception e) {
// Legacy expectations around this client are that it does not throw an exception on invalid TLS configuration
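Review bot: The `catch (Exception e)` that closes this hunk treats an invalid TLS configuration as non-fatal, per its own comment, and the handler body lies outside the hunk, so it is not visible whether the failure is recorded anywhere. If it is not, a node with a broken keystore or truststore would presumably build the replication client without TLS applied, and nothing in the log would say so. I would log it in the handler with the class's existing logger, for example `logger.warn("Invalid TLS configuration; replication client will be built without TLS", e);`.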
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
index 500cb15..3b9d613 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
@@ -208,6 +208,7 @@ import org.apache.nifi.reporting.StandardEventAccess;
import org.apache.nifi.reporting.UserAwareEventAccess;
import org.apache.nifi.scheduling.SchedulingStrategy;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.services.FlowService;
@@ -286,7 +287,7 @@ public class FlowController implements ReportingTaskProvider, Authorizable, Node
private final ConcurrentMap<String, Port> allOutputPorts = new ConcurrentHashMap<>();
private final ConcurrentMap<String, Funnel> allFunnels = new ConcurrentHashMap<>();
- private volatile ZooKeeperStateServer zooKeeperStateServer;
+ private final ZooKeeperStateServer zooKeeperStateServer;
// The Heartbeat Bean is used to provide an Atomic Reference to data that is used in heartbeats that may
// change while the instance is running. We do this because we want to generate heartbeats even if we
@@ -468,7 +469,7 @@ public class FlowController implements ReportingTaskProvider, Authorizable, Node
try {
// Form the container object from the properties
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(nifiProperties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(nifiProperties);
this.sslContext = SslContextFactory.createSslContext(tlsConfiguration);
} catch (TlsException e) {
LOG.error("Unable to start the flow controller because the TLS configuration was invalid: {}", e.getLocalizedMessage());
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
index b2f91ce..97b08cd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
@@ -37,6 +37,7 @@ import javax.net.ssl.SSLServerSocket;
import org.apache.nifi.events.EventReporter;
import org.apache.nifi.reporting.Severity;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -117,7 +118,7 @@ public class ConnectionLoadBalanceServer {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port, 50, inetAddress);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
- serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ serverSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
}
}
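Review bot: The comment `// Enforce custom protocols on socket` does not say why the override is needed, although this is the line that keeps legacy TLS versions off the load-balance listener. The tests in this commit state that the SSLContext defaults still include TLSv1.1 and TLSv1, so I would write `// The SSLContext defaults still allow legacy TLS versions; restrict this listener to the currently supported ones`. The same comment and call appear in the SocketRemoteSiteListener hunk of this commit and deserve the same wording. The enclosing method starts outside the hunk.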
@@ -132,6 +133,7 @@ public class ConnectionLoadBalanceServer {
private volatile boolean stopped = false;
+ // This should be final but it is not to allow override during testing; no production code modifies the value
private static int EXCEPTION_THRESHOLD_MILLIS = 10_000;
private volatile long tlsErrorLastSeen = -1;
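Review bot: `EXCEPTION_THRESHOLD_MILLIS` is a mutable `static`, so a test that overrides it changes the value for every instance in the JVM and for any test that runs afterwards. The added comment explains why the field is not `final` but not that obligation, so I would extend it to `// Not final so tests can override it; it is static, so a test that changes it must restore the default afterwards`. The SocketRemoteSiteListener hunk in this commit makes its field of the same name `static final`, so the two classes now differ. A per-instance threshold would let both be final, though the declaring class is not visible in this hunk.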
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
index a43728d..3214fd7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
@@ -56,13 +56,13 @@ import org.apache.nifi.processor.SimpleProcessLogger;
import org.apache.nifi.processor.StandardValidationContext;
import org.apache.nifi.registry.VariableRegistry;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class StandardStateManagerProvider implements StateManagerProvider{
+public class StandardStateManagerProvider implements StateManagerProvider {
private static final Logger logger = LoggerFactory.getLogger(StandardStateManagerProvider.class);
private static StateManagerProvider provider;
@@ -219,7 +219,7 @@ public class StandardStateManagerProvider implements StateManagerProvider{
final SSLContext sslContext;
try {
- sslContext = SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(properties));
+ sslContext = SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(properties));
} catch (TlsException e) {
logger.error("Encountered an error configuring TLS for state manager: ", e);
throw new IllegalStateException("Error configuring TLS for state manager", e);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
index ed4feb9..5987b1d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
@@ -23,16 +23,15 @@ import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLContext;
+import org.apache.http.client.utils.URIBuilder;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.http.client.utils.URIBuilder;
-
public class StandardFlowRegistryClient implements FlowRegistryClient {
private NiFiProperties nifiProperties;
- private ConcurrentMap<String, FlowRegistry> registryById = new ConcurrentHashMap<>();
+ private final ConcurrentMap<String, FlowRegistry> registryById = new ConcurrentHashMap<>();
@Override
public FlowRegistry getFlowRegistry(String registryId) {
@@ -79,7 +78,7 @@ public class StandardFlowRegistryClient implements FlowRegistryClient {
final FlowRegistry registry;
if (uriScheme.equalsIgnoreCase("http") || uriScheme.equalsIgnoreCase("https")) {
try {
- final SSLContext sslContext = SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(nifiProperties));
+ final SSLContext sslContext = SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(nifiProperties));
if (sslContext == null && uriScheme.equalsIgnoreCase("https")) {
throw new IllegalStateException("Failed to create Flow Registry for URI " + registryUrl
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
index 90fb5ec..8bf702b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
@@ -18,10 +18,11 @@ package org.apache.nifi.controller.queue.clustered.server
import org.apache.nifi.events.EventReporter
import org.apache.nifi.reporting.Severity
-import org.apache.nifi.security.util.CertificateUtils
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.security.util.KeyStoreUtils
import org.apache.nifi.security.util.KeystoreType
import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.junit.After
@@ -68,7 +69,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
}
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
sslContext = SslContextFactory.createSslContext(tlsConfiguration)
}
@@ -90,7 +91,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -101,7 +102,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
void testRequestPeerListShouldUseTLS() {
// Arrange
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
def mockLBP = [
@@ -119,13 +120,13 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
// Assert that the default parameters (which can't be modified) still have legacy protocols and no client auth
def defaultSSLParameters = sslContext.defaultSSLParameters
logger.info("Default SSL Parameters: ${KeyStoreUtils.sslParametersToString(defaultSSLParameters)}" as String)
- assertProtocolVersions(defaultSSLParameters.protocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"])
+ assertProtocolVersions(defaultSSLParameters.protocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"])
assert !defaultSSLParameters.needClientAuth
// Assert that the actual socket is set correctly due to the override in the LB server
SSLServerSocket socket = lbServer.serverSocket as SSLServerSocket
logger.info("Created SSL server socket: ${KeyStoreUtils.sslServerSocketToString(socket)}" as String)
- assertProtocolVersions(socket.enabledProtocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions())
+ assertProtocolVersions(socket.enabledProtocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
assert socket.needClientAuth
// Clean up
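Review bot: The expectation `TlsConfiguration.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"]` pins the JRE's own default protocol list, which the project does not control. On a runtime whose security properties disable TLSv1 and TLSv1.1, this assertion would likely fail even though the server socket is configured correctly. The property under test is the socket override, so I would loosen the default-parameters check to `assert (defaultSSLParameters.protocols as List).containsAll(TlsConfiguration.getCurrentSupportedTlsProtocolVersions() as List)` and keep the exact comparison for `socket.enabledProtocols`. The SocketRemoteSiteListenerTest hunk of this commit has the same assertion, there with `.sort().reverse()` applied to the list. The test method continues outside the hunk.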
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
index 354135f..30b7cf2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
@@ -92,9 +92,10 @@ import org.apache.nifi.controller.repository.claim.ResourceClaimManager;
import org.apache.nifi.controller.repository.claim.StandardResourceClaimManager;
import org.apache.nifi.events.EventReporter;
import org.apache.nifi.provenance.ProvenanceRepository;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.junit.Before;
@@ -192,9 +193,9 @@ public class LoadBalancedQueueIT {
final String keyPass = keystorePass;
final String truststore = "src/test/resources/localhost-ts.jks";
final String truststorePass = "wAOR0nQJ2EXvOP0JZ2EaqA/n7W69ILS4sWAHghmIWCc";
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystore, keystorePass, keyPass, KeystoreType.JKS,
- truststore, truststorePass, KeystoreType.JKS, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystore, keystorePass, keyPass, KeystoreType.JKS,
+ truststore, truststorePass, KeystoreType.JKS, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
index 8a6d993..a2d1d23 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
@@ -47,6 +47,7 @@ import org.apache.nifi.remote.protocol.CommunicationsSession;
import org.apache.nifi.remote.protocol.RequestType;
import org.apache.nifi.remote.protocol.ServerProtocol;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,7 +61,7 @@ public class SocketRemoteSiteListener implements RemoteSiteListener {
private final NiFiProperties nifiProperties;
private final PeerDescriptionModifier peerDescriptionModifier;
- private static int EXCEPTION_THRESHOLD_MILLIS = 10_000;
+ private static final int EXCEPTION_THRESHOLD_MILLIS = 10_000;
private volatile long tlsErrorLastSeen = -1;
private final AtomicBoolean stopped = new AtomicBoolean(false);
@@ -346,7 +347,7 @@ public class SocketRemoteSiteListener implements RemoteSiteListener {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(socketPort);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
- serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ serverSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
} else {
return new ServerSocket(socketPort);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
index 3955f49..a5c5335 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
@@ -16,10 +16,12 @@
*/
package org.apache.nifi.remote
-import org.apache.nifi.security.util.CertificateUtils
+
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.security.util.KeyStoreUtils
import org.apache.nifi.security.util.KeystoreType
import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -79,7 +81,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
}
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
sslContext = SslContextFactory.createSslContext(tlsConfiguration)
}
@@ -101,7 +103,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -112,7 +114,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
void testShouldCreateSecureServer() {
// Arrange
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
srsListener = new SocketRemoteSiteListener(PORT, sslContext, mockNiFiProperties)
@@ -125,13 +127,13 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
// serverSocket isn't instance field like CLBS so have to use private method invocation to verify
SSLServerSocket sslServerSocket = srsListener.createServerSocket() as SSLServerSocket
logger.info("Created SSL server socket: ${KeyStoreUtils.sslServerSocketToString(sslServerSocket)}" as String)
- assertProtocolVersions(sslServerSocket.enabledProtocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions())
+ assertProtocolVersions(sslServerSocket.enabledProtocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
assert sslServerSocket.needClientAuth
// Assert that the default parameters (which can't be modified) still have legacy protocols and no client auth
def defaultSSLParameters = sslContext.defaultSSLParameters
logger.info("Default SSL Parameters: ${KeyStoreUtils.sslParametersToString(defaultSSLParameters)}" as String)
- assertProtocolVersions(defaultSSLParameters.getProtocols(), CertificateUtils.getCurrentSupportedTlsProtocolVersions().sort().reverse() + ["TLSv1.1", "TLSv1"])
+ assertProtocolVersions(defaultSSLParameters.getProtocols(), TlsConfiguration.getCurrentSupportedTlsProtocolVersions().sort().reverse() + ["TLSv1.1", "TLSv1"])
assert !defaultSSLParameters.needClientAuth
}
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
index 6ca5320..1a35dee 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
@@ -54,8 +54,9 @@ import org.apache.nifi.registry.flow.VersionedProcessor;
import org.apache.nifi.registry.flow.VersionedRemoteGroupPort;
import org.apache.nifi.registry.flow.VersionedRemoteProcessGroup;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stateless.bootstrap.ExtensionDiscovery;
import org.apache.nifi.stateless.bootstrap.InMemoryFlowFile;
@@ -372,9 +373,9 @@ public class StatelessFlow implements RunnableFlow {
final String truststoreType = sslObject.get(TRUSTSTORE_TYPE).getAsString();
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystore, keystorePass, keyPass, keystoreType,
- truststore, truststorePass, truststoreType, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystore, keystorePass, keyPass, keystoreType,
+ truststore, truststorePass, truststoreType, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
} catch (final Exception e) {
throw new RuntimeException("Failed to create Keystore", e);
}
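Review bot: The wrapper message `"Failed to create Keystore"` does not describe what the `try` block does: it builds a `StandardTlsConfiguration` from keystore and truststore settings and then an SSLContext with `ClientAuth.REQUIRED`. A truststore or protocol problem would therefore be reported as a keystore failure, so I would change the line to `throw new RuntimeException("Failed to create SSL context from the keystore and truststore configuration", e);`. The `catch (final Exception e)` also looks broader than needed, since other hunks in this commit catch `TlsException` around `createSslContext`; confirm before narrowing it. The enclosing method starts outside the hunk.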
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index e53c785..6fc9af9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -73,8 +73,8 @@ import org.apache.nifi.nar.NarLoader;
import org.apache.nifi.nar.StandardExtensionDiscoveringManager;
import org.apache.nifi.nar.StandardNarLoader;
import org.apache.nifi.processor.DataUnit;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.services.FlowService;
import org.apache.nifi.ui.extension.UiExtension;
import org.apache.nifi.ui.extension.UiExtensionMapping;
@@ -982,7 +982,7 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
protected static void configureSslContextFactory(SslContextFactory.Server contextFactory, NiFiProperties props) {
// Explicitly exclude legacy TLS protocol versions
- contextFactory.setIncludeProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ contextFactory.setIncludeProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
contextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3");
// require client auth when not supporting login, Kerberos service, or anonymous access
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
index 054ad08..23f6158 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
@@ -24,7 +24,7 @@ import org.apache.nifi.nar.ExtensionMapping
import org.apache.nifi.nar.SystemBundle
import org.apache.nifi.processor.DataUnit
import org.apache.nifi.properties.StandardNiFiProperties
-import org.apache.nifi.security.util.CertificateUtils
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -84,8 +84,8 @@ class JettyServerGroovyTest extends GroovyTestCase {
private static final List<String> TLS_1_3_CIPHER_SUITES = ["TLS_AES_128_GCM_SHA256"]
// Depending if the test is run on Java 8 or Java 11, these values change (TLSv1.2 vs. TLSv1.3)
- private static final CURRENT_TLS_PROTOCOL_VERSION = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
- private static final List<String> CURRENT_TLS_PROTOCOL_VERSIONS = CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ private static final CURRENT_TLS_PROTOCOL_VERSION = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final List<String> CURRENT_TLS_PROTOCOL_VERSIONS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
// These protocol versions should not ever be supported
static private final List<String> LEGACY_TLS_PROTOCOLS = ["TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"]
@@ -344,7 +344,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
@Test
void testShouldSupportTLSv1_3OnJava11() {
// Arrange
- Assume.assumeTrue("This test should only run on Java 11+", CertificateUtils.getJavaVersion() >= 11)
+ Assume.assumeTrue("This test should only run on Java 11+", TlsConfiguration.getJavaVersion() >= 11)
Server internalServer = new Server()
JettyServer jetty = new JettyServer(internalServer, httpsProps)
@@ -354,7 +354,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
internalServer.start()
// Create a (client) socket which only supports TLSv1.3
- TlsConfiguration tls13ClientConf = TlsConfiguration.fromNiFiProperties(httpsProps)
+ TlsConfiguration tls13ClientConf = StandardTlsConfiguration.fromNiFiProperties(httpsProps)
SSLSocketFactory socketFactory = org.apache.nifi.security.util.SslContextFactory.createSSLSocketFactory(tls13ClientConf)
SSLSocket socket = (SSLSocket) socketFactory.createSocket(HTTPS_HOSTNAME, HTTPS_PORT)
@@ -386,7 +386,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
List<Connector> connectors = Arrays.asList(internalServer.connectors)
internalServer.start()
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(httpsProps)
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(httpsProps)
// Create a "default" (client) socket (which supports TLSv1.2)
SSLSocketFactory defaultSocketFactory = org.apache.nifi.security.util.SslContextFactory.createSSLSocketFactory(tlsConfiguration)
@@ -440,7 +440,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
def isZulu = vendor =~ ZULU_RE || vendorVersion =~ ZULU_RE
logger.info("Vendor is Azul/Zulu: ${isZulu}")
- def majorJavaVersion = CertificateUtils.getJavaVersion()
+ def majorJavaVersion = TlsConfiguration.getJavaVersion()
logger.info("Detected major Java version: ${majorJavaVersion}")
// JDK 8 update 262 adds TLS 1.3 support to Java 8, and the Azul vendor throws a different exception than expected
@@ -476,8 +476,8 @@ class JettyServerGroovyTest extends GroovyTestCase {
private static void assertServerConnector(List<Connector> connectors,
String EXPECTED_TLS_PROTOCOL = "TLS",
- List<String> EXPECTED_INCLUDED_PROTOCOLS = CertificateUtils.getCurrentSupportedTlsProtocolVersions(),
- List<String> EXPECTED_SELECTED_PROTOCOLS = CertificateUtils.getCurrentSupportedTlsProtocolVersions(),
+ List<String> EXPECTED_INCLUDED_PROTOCOLS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions(),
+ List<String> EXPECTED_SELECTED_PROTOCOLS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions(),
String EXPECTED_HOSTNAME = HTTPS_HOSTNAME,
int EXPECTED_PORT = HTTPS_PORT) {
// Assert the server connector is correct
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
index cf9721f..6faf991 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
@@ -31,6 +31,7 @@ import org.apache.nifi.nar.NarUnpacker;
import org.apache.nifi.nar.StandardExtensionDiscoveringManager;
import org.apache.nifi.nar.SystemBundle;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.util.WebUtils;
@@ -40,13 +41,13 @@ import org.apache.nifi.web.util.WebUtils;
*/
public class OneWaySslAccessControlHelper {
- private NiFiTestUser user;
+ private final NiFiTestUser user;
private static final String CONTEXT_PATH = "/nifi-api";
private NiFiTestServer server;
- private String baseUrl;
- private String flowXmlPath;
+ private final String baseUrl;
+ private final String flowXmlPath;
public OneWaySslAccessControlHelper() throws Exception {
this("src/test/resources/access-control/nifi.properties");
@@ -90,7 +91,7 @@ public class OneWaySslAccessControlHelper {
baseUrl = server.getBaseUrl() + CONTEXT_PATH;
// Create a TlsConfiguration for the truststore properties only
- TlsConfiguration trustOnlyTlsConfiguration = TlsConfiguration.fromNiFiPropertiesTruststoreOnly(props);
+ TlsConfiguration trustOnlyTlsConfiguration = StandardTlsConfiguration.fromNiFiPropertiesTruststoreOnly(props);
// create the user
final Client client = WebUtils.createClient(null, SslContextFactory.createSslContext(trustOnlyTlsConfiguration));
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
index e61dbae..1fdab5d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
@@ -21,7 +21,7 @@ import java.util.Collections;
import javax.servlet.ServletContext;
import javax.ws.rs.client.Client;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.services.FlowService;
import org.apache.nifi.ui.extension.UiExtensionMapping;
@@ -168,7 +168,7 @@ public class NiFiTestServer {
}
public Client getClient() throws TlsException {
- return WebUtils.createClient(null, org.apache.nifi.security.util.SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(properties)));
+ return WebUtils.createClient(null, org.apache.nifi.security.util.SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(properties)));
}
/**
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
index 42e30e8..2f111f3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
@@ -44,6 +44,7 @@ import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
@@ -107,7 +108,7 @@ public class OcspCertificateValidator {
// initialize the client
if (HTTPS.equalsIgnoreCase(validationAuthorityURI.getScheme())) {
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(properties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
client = WebUtils.createClient(clientConfig, SslContextFactory.createSslContext(tlsConfiguration));
} else {
client = WebUtils.createClient(clientConfig);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
index 0c54ef6..db1e89e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
@@ -55,6 +55,11 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <version>1.13.0-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
<artifactId>nifi-expression-language</artifactId>
<version>1.12.1-SNAPSHOT</version>
</dependency>
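Review bot: The added `nifi-security-utils-api` entry is pinned to `1.13.0-SNAPSHOT`, while the neighbouring `nifi-expression-language` entry in this hunk is `1.12.1-SNAPSHOT` and the commit targets the support/nifi-1.12.x branch. This looks like a value carried over from the main line. If so, the build either fails to resolve the artifact or resolves a snapshot from a different release line than the module it is built with, which matters for a security library. The line should presumably read `<version>1.12.1-SNAPSHOT</version>`, or use the project version property if the parent POM defines one (not visible here).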
diff --git a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
index 582ff9e..1b9d087 100644
--- a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
+++ b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
@@ -58,7 +58,7 @@ import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@EventDriven
@@ -240,7 +240,7 @@ public class InvokeGRPC extends AbstractProcessor {
// configure whether or not we're using secure comms
final boolean useSecure = context.getProperty(PROP_USE_SECURE).asBoolean();
final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.NONE);
if (useSecure && sslContext != null) {
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
diff --git a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
index f34d1bc..f9e8616 100644
--- a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
+++ b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
@@ -23,7 +23,6 @@ import io.grpc.Server;
import io.grpc.ServerInterceptors;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
-import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.io.IOException;
@@ -60,7 +59,6 @@ import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -171,7 +169,7 @@ public class ListenGRPC extends AbstractSessionFactoryProcessor {
final Integer flowControlWindow = context.getProperty(PROP_FLOW_CONTROL_WINDOW).asDataSize(DataUnit.B).intValue();
final Integer maxMessageSize = context.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue();
final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE);
final Pattern authorizedDnPattern = Pattern.compile(context.getProperty(PROP_AUTHORIZED_DN_PATTERN).getValue());
final FlowFileIngestServiceInterceptor callInterceptor = new FlowFileIngestServiceInterceptor(getLogger());
callInterceptor.enforceDNPattern(authorizedDnPattern);
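Review bot: Two unrelated enums named `ClientAuth` are now written fully qualified in this method, and nothing says which one decides whether the listener demands a client certificate. The NiFi value `org.apache.nifi.security.util.ClientAuth.NONE` is passed to `createSSLContext` here, while the later hunk of this file sets `io.netty.handler.ssl.ClientAuth.REQUIRE` or `NONE` on `sslContextBuilder`. A comment above the `createSSLContext` call would prevent a misreading, for example `// Client-certificate enforcement for the gRPC server is configured on the Netty SslContextBuilder below, not by this value`; confirm that first, since the later use of `sslContext` is outside the hunk. Importing the NiFi enum and qualifying only the Netty one would also read more cleanly than qualifying both. The enclosing method starts and ends outside the hunk.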
@@ -213,9 +211,9 @@ public class ListenGRPC extends AbstractSessionFactoryProcessor {
}
trustManagerFactory.init(trustStore);
sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
- sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
+ sslContextBuilder = sslContextBuilder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
} else {
- sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
+ sslContextBuilder = sslContextBuilder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
}
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
serverBuilder = serverBuilder.sslContext(sslContextBuilder.build());
diff --git a/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java b/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
index fe77500..288da8d 100644
--- a/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
+++ b/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
@@ -31,7 +31,7 @@ import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessContext;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
/**
diff --git a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
index fe95d57..7a36ed5 100644
--- a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
@@ -31,6 +31,12 @@
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-kerberos-iaa-providers</artifactId>
</dependency>
+ <!-- Explicitly use compile scope since this NAR does not have a parent of standard services API -->
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
<name>nifi-kerberos-iaa-providers-nar</name>
</project>
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
index ceacfa1..27fc0ba 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
@@ -31,6 +31,12 @@
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-ldap-iaa-providers</artifactId>
</dependency>
+ <!-- Explicitly use compile scope since this NAR does not have a parent of standard services API -->
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
<name>nifi-ldap-iaa-providers-nar</name>
</project>
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index 4570faf..2547e73 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -16,6 +16,11 @@
*/
package org.apache.nifi.ldap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.naming.Context;
+import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
@@ -27,8 +32,9 @@ import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.configuration.NonComponentConfigurationContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.FormatUtils;
@@ -50,12 +56,6 @@ import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
-import javax.naming.Context;
-import javax.net.ssl.SSLContext;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
/**
* Abstract LDAP based implementation of a login identity provider.
*/
@@ -257,7 +257,8 @@ public class LdapProvider implements LoginIdentityProvider {
final String rawProtocol = configurationContext.getProperty("TLS - Protocol");
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType,
+ rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
} catch (TlsException e) {
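Review bot: On the line after the new `StandardTlsConfiguration` constructor call, a present but unrecognised `rawClientAuth` is silently mapped to `ClientAuth.NONE`, so a typo in the provider configuration weakens the setting with no signal to the operator. `AbstractMongoProcessor` in this same commit rejects an unrecognised value with an exception instead. A guard before that line would make this consistent, for example `if (StringUtils.isNotBlank(rawClientAuth) && !ClientAuth.isValidClientAuthType(rawClientAuth)) { throw new ProviderCreationException("Unrecognized client auth '" + rawClientAuth + "'"); }`, or at least a logged warning. The same line appears in the `LdapUserGroupProvider` hunk, where the matching exception type for that class would apply. Separately, `ClientAuth.valueOf` needs an exact constant name, so if `isValidClientAuthType` is more lenient (not visible here) an `IllegalArgumentException` would escape the `catch (TlsException e)`; the method starts and ends outside the hunk.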
@@ -313,4 +314,4 @@ public class LdapProvider implements LoginIdentityProvider {
public final void preDestruction() throws ProviderDestructionException {
}
-}
+}
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
index 9d4bab0..a542f94 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
@@ -52,8 +52,9 @@ import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.ldap.LdapAuthenticationStrategy;
import org.apache.nifi.ldap.LdapsSocketFactory;
import org.apache.nifi.ldap.ReferralStrategy;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.FormatUtils;
@@ -118,7 +119,7 @@ public class LdapUserGroupProvider implements UserGroupProvider {
private NiFiProperties properties;
private ScheduledExecutorService ldapSync;
- private AtomicReference<TenantHolder> tenants = new AtomicReference<>(null);
+ private final AtomicReference<TenantHolder> tenants = new AtomicReference<>(null);
private String userSearchBase;
private SearchScope userSearchScope;
@@ -824,7 +825,8 @@ public class LdapUserGroupProvider implements UserGroupProvider {
final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType,
+ rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
} catch (TlsException e) {
diff --git a/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java b/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
index ec9ffde..7ff65ee 100644
--- a/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
+++ b/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
@@ -57,7 +57,7 @@ import org.apache.nifi.processors.lumberjack.frame.LumberjackEncoder;
import org.apache.nifi.processors.lumberjack.handler.LumberjackSocketChannelHandlerFactory;
import org.apache.nifi.processors.lumberjack.response.LumberjackChannelResponse;
import org.apache.nifi.processors.lumberjack.response.LumberjackResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -141,7 +141,7 @@ public class ListenLumberjack extends AbstractListenEventBatchingProcessor<Lumbe
SSLContext sslContext = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
// if we decide to support SSL then get the context and pass it in here
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
index f0c2543..3df0b5d 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
@@ -44,7 +44,6 @@
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-ssl-context-service-api</artifactId>
- <scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
index e00bed4..76cf543 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
@@ -24,7 +24,7 @@ import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.bson.Document;
@@ -59,7 +59,7 @@ public interface MongoDBClientService extends ControllerService {
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
index 524f6fb..79cd1d6 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
@@ -54,7 +54,7 @@ import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.bson.Document;
@@ -135,7 +135,7 @@ public abstract class AbstractMongoProcessor extends AbstractProcessor {
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
@@ -245,15 +245,15 @@ public abstract class AbstractMongoProcessor extends AbstractProcessor {
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new IllegalStateException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = sslService.createSSLContext(clientAuth);
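Review bot: The `catch (final IllegalArgumentException iae)` block throws an `IllegalStateException` without passing `iae`, so the original cause is dropped from the stack trace when a bad client-auth value is configured. The final line of the throw could end `rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")), iae);`. The identical block in the `MongoDBControllerService.createClient` hunk has the same gap, and the TODO this commit adds there already acknowledges the duplication. The enclosing method starts and ends outside the hunk.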
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
index 8489af0..d8b8616 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
@@ -27,7 +27,7 @@ import javax.net.ssl.SSLContext;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
index 252e0d1..bb3a4ee 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
@@ -34,7 +34,7 @@ import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@Tags({"mongo", "mongodb", "service"})
@@ -61,6 +61,7 @@ public class MongoDBControllerService extends AbstractControllerService implemen
protected MongoClient mongoClient;
+ // TODO: Remove duplicate code by refactoring shared method to accept PropertyContext
protected final void createClient(ConfigurationContext context) {
if (mongoClient != null) {
closeClient();
@@ -74,15 +75,15 @@ public class MongoDBControllerService extends AbstractControllerService implemen
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new IllegalStateException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = sslService.createSSLContext(clientAuth);
diff --git a/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java b/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
index 8d6f10c..3d6f347 100644
--- a/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
+++ b/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
@@ -33,7 +33,7 @@ import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
import org.apache.nifi.remote.protocol.http.HttpProxy;
import org.apache.nifi.remote.util.SiteToSiteRestApiClient;
import org.apache.nifi.reporting.ReportingContext;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;
@@ -147,7 +147,7 @@ public class SiteToSiteUtils {
public static SiteToSiteClient getClient(PropertyContext reportContext, ComponentLog logger, StateManager stateManager) {
final SSLContextService sslContextService = reportContext.getProperty(SiteToSiteUtils.SSL_CONTEXT).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.REQUIRED);
final EventReporter eventReporter = (EventReporter) (severity, category, message) -> {
switch (severity) {
case WARNING:
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
index af1f2a4..5f8a51a 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
@@ -55,7 +55,7 @@ import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.io.OutputStreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.RecordSetWriterFactory;
import org.apache.nifi.serialization.record.DataType;
import org.apache.nifi.serialization.record.ListRecordSet;
@@ -251,7 +251,7 @@ public class SolrUtils {
}
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
final SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
HttpClientUtil.setSchemaRegistryProvider(new HttpClientUtil.SchemaRegistryProvider() {
@Override
@@ -326,7 +326,7 @@ public class SolrUtils {
* Writes each SolrDocument in XML format to the OutputStream.
*/
private static class QueryResponseOutputStreamCallback implements OutputStreamCallback {
- private QueryResponse response;
+ private final QueryResponse response;
public QueryResponseOutputStreamCallback(QueryResponse response) {
this.response = response;
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
index f4e1222..fd66a61 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
@@ -19,7 +19,6 @@ package org.apache.nifi.processors.solr;
import javax.net.ssl.SSLContext;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
@@ -29,13 +28,19 @@ import org.apache.nifi.ssl.SSLContextService;
* // TODO: Remove and use regular mocking or Groovy rather than shell implementation
*/
public class MockSSLContextService extends AbstractControllerService implements SSLContextService {
+
@Override
public TlsConfiguration createTlsConfiguration() {
return null;
}
@Override
- public SSLContext createSSLContext(SslContextFactory.ClientAuth clientAuth) throws ProcessException {
+ public SSLContext createSSLContext(org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
+ return null;
+ }
+
+ @Override
+ public SSLContext createSSLContext(SSLContextService.ClientAuth clientAuth) throws ProcessException {
return null;
}
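Review bot: The two `createSSLContext` overrides take different enums that share the simple name `ClientAuth`, and nothing in the class says which one callers should use. A one-line comment on the second override would help, for example `// Overload for the nested SSLContextService.ClientAuth enum; kept only because the interface still declares it`, assuming that is why the interface declares both (not visible here). With two reference-typed overloads, a call that passes a literal `null` also no longer compiles without a cast. The class body continues outside the hunk.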
diff --git a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
index 7a9cf57..44a1fd5 100644
--- a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
+++ b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
@@ -76,7 +76,7 @@ import org.apache.nifi.hadoop.KerberosKeytabSPNegoAuthSchemeProvider;
import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jettison.json.JSONException;
@@ -182,7 +182,7 @@ public class LivySessionController extends AbstractControllerService implements
private volatile String controllerKind;
private volatile String jars;
private volatile String files;
- private volatile Map<Integer, JSONObject> sessions = new ConcurrentHashMap<>();
+ private final Map<Integer, JSONObject> sessions = new ConcurrentHashMap<>();
private volatile SSLContextService sslContextService;
private volatile SSLContext sslContext;
private volatile int connectTimeout;
@@ -225,7 +225,7 @@ public class LivySessionController extends AbstractControllerService implements
final String jars = context.getProperty(JARS).evaluateAttributeExpressions().getValue();
final String files = context.getProperty(FILES).evaluateAttributeExpressions().getValue();
sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.NONE);
connectTimeout = Math.toIntExact(context.getProperty(CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS));
credentialsService = context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
diff --git a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
index 45c4707..7e15c14 100644
--- a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
+++ b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
@@ -45,7 +45,7 @@ import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.InputStreamCallback;
import org.apache.nifi.processor.util.put.AbstractPutEventProcessor;
import org.apache.nifi.processor.util.put.sender.ChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.stream.io.ByteCountingInputStream;
import org.apache.nifi.stream.io.StreamUtils;
@@ -120,7 +120,7 @@ public class PutSplunk extends AbstractPutEventProcessor {
SSLContext sslContext = null;
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
return createSender(protocol, host, port, timeout, maxSendBuffer, sslContext);
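Review bot: `createSSLContext(ClientAuth.REQUIRED)` is called here for an outbound sender, where a client-certificate policy would normally matter only to the accepting side, and nothing explains what the argument is meant to do. If it has no effect in the client role, as seems likely, a reader could mistake it for the setting that enforces verification of the remote server. Once confirmed, a comment such as `// ClientAuth only affects server-side handshakes; server verification for this sender comes from the truststore` would make that explicit. The same call appears in the PutSyslog and PutTCP hunks, and the enclosing method starts outside this hunk.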
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
index b207362..54a9bda 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
@@ -98,8 +98,8 @@ import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.standard.util.HTTPUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.KeyStoreUtils;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StopWatch;
import org.apache.nifi.util.Tuple;
@@ -241,7 +241,7 @@ public class GetHTTP extends AbstractSessionFactoryProcessor {
private Set<Relationship> relationships;
private List<PropertyDescriptor> properties;
- private volatile List<PropertyDescriptor> customHeaders = new ArrayList<>();
+ private final List<PropertyDescriptor> customHeaders = new ArrayList<>();
private final AtomicBoolean clearState = new AtomicBoolean(false);
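Review bot: `customHeaders` is now a `final` `ArrayList`, which pins the reference but leaves the list itself unsynchronized. If the list is filled from a property-change callback while the trigger method iterates it (those uses are outside the hunk), a reader can see a half-updated header set or hit a ConcurrentModificationException. Either declare it as `private final List<PropertyDescriptor> customHeaders = new CopyOnWriteArrayList<>();` (with the matching `java.util.concurrent` import) or add a comment stating which thread is allowed to touch it.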
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
index d1e6cac..09a68eb 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
@@ -57,7 +57,7 @@ import org.apache.nifi.processors.standard.relp.frame.RELPEncoder;
import org.apache.nifi.processors.standard.relp.handler.RELPSocketChannelHandlerFactory;
import org.apache.nifi.processors.standard.relp.response.RELPChannelResponse;
import org.apache.nifi.processors.standard.relp.response.RELPResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -90,8 +90,8 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
private volatile RELPEncoder relpEncoder;
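Review bot: `.allowableValues(ClientAuth.values())` and `.defaultValue(ClientAuth.REQUIRED.name())` tie the Client Auth values saved in existing flows to the constant names of the relocated enum, which this hunk does not show. If any constant of `org.apache.nifi.security.util.ClientAuth` is named differently from the old `SslContextFactory.ClientAuth`, a saved value would presumably fail validation or make the later `ClientAuth.valueOf(...)` call throw IllegalArgumentException. A comment on the descriptor such as `// Persisted by enum constant name; renaming a ClientAuth constant breaks saved flows` would record the constraint, and a unit test pinning the names would enforce it. The same descriptor change appears in the ListenSyslog, ListenTCP and ListenTCPRecord hunks.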
@@ -139,13 +139,13 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
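Review bot: `ClientAuth.valueOf(clientAuthValue)` is evaluated twice inside the `if (sslContextService != null)` block, once for `createSSLContext` and once for the local `clientAuth`. Both results describe the same client-certificate policy, so a later edit to one line could leave the SSLContext and the locally held value disagreeing. Parse once and reuse it: `clientAuth = ClientAuth.valueOf(clientAuthValue);` followed by `sslContext = sslContextService.createSSLContext(clientAuth);`. The ListenSyslog, ListenTCP and ListenTCPRecord hunks carry the same pair of lines, and the enclosing method starts and ends outside this hunk.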
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
index a4d623b..77a9a28 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
@@ -70,7 +70,7 @@ import org.apache.nifi.processor.util.listen.event.EventFactory;
import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.handler.socket.SocketChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.response.ChannelResponder;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.syslog.attributes.SyslogAttributes;
@@ -184,8 +184,8 @@ public class ListenSyslog extends AbstractSyslogProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
public static final Relationship REL_SUCCESS = new Relationship.Builder()
@@ -204,7 +204,7 @@ public class ListenSyslog extends AbstractSyslogProcessor {
private volatile SyslogParser parser;
private volatile BlockingQueue<ByteBuffer> bufferPool;
private volatile BlockingQueue<RawSyslogEvent> syslogEvents;
- private volatile BlockingQueue<RawSyslogEvent> errorEvents = new LinkedBlockingQueue<>();
+ private final BlockingQueue<RawSyslogEvent> errorEvents = new LinkedBlockingQueue<>();
private volatile byte[] messageDemarcatorBytes; //it is only the array reference that is volatile - not the contents.
@Override
@@ -345,12 +345,12 @@ public class ListenSyslog extends AbstractSyslogProcessor {
} else {
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
final ChannelHandlerFactory<RawSyslogEvent<SocketChannel>, AsyncChannelDispatcher> handlerFactory = new SocketChannelHandlerFactory<>();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
index 61a9624..8359221 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
@@ -49,7 +49,7 @@ import org.apache.nifi.processor.util.listen.event.StandardEvent;
import org.apache.nifi.processor.util.listen.event.StandardEventFactory;
import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.handler.socket.SocketChannelHandlerFactory;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -79,8 +79,8 @@ public class ListenTCP extends AbstractListenEventBatchingProcessor<StandardEven
.name("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
@Override
@@ -121,13 +121,13 @@ public class ListenTCP extends AbstractListenEventBatchingProcessor<StandardEven
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
final EventFactory<StandardEvent> eventFactory = new StandardEventFactory();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
index 1007116..5aad87c 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
@@ -64,7 +64,7 @@ import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processor.util.listen.ListenerProperties;
import org.apache.nifi.record.listen.SocketChannelRecordReader;
import org.apache.nifi.record.listen.SocketChannelRecordReaderDispatcher;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.RecordReader;
import org.apache.nifi.serialization.RecordReaderFactory;
import org.apache.nifi.serialization.RecordSetWriter;
@@ -190,8 +190,8 @@ public class ListenTCPRecord extends AbstractProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
static final Relationship REL_SUCCESS = new Relationship.Builder()
@@ -228,7 +228,7 @@ public class ListenTCPRecord extends AbstractProcessor {
private volatile int port;
private volatile SocketChannelRecordReaderDispatcher dispatcher;
- private volatile BlockingQueue<SocketChannelRecordReader> socketReaders = new LinkedBlockingQueue<>();
+ private final BlockingQueue<SocketChannelRecordReader> socketReaders = new LinkedBlockingQueue<>();
@Override
public Set<Relationship> getRelationships() {
@@ -276,12 +276,12 @@ public class ListenTCPRecord extends AbstractProcessor {
}
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
// create a ServerSocketChannel in non-blocking mode and bind to the given address and port
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
index dae3835..3691770 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
@@ -54,7 +54,7 @@ import org.apache.nifi.processor.util.put.sender.ChannelSender;
import org.apache.nifi.processor.util.put.sender.DatagramChannelSender;
import org.apache.nifi.processor.util.put.sender.SSLSocketChannelSender;
import org.apache.nifi.processor.util.put.sender.SocketChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.syslog.parsers.SyslogParser;
import org.apache.nifi.util.StopWatch;
@@ -249,7 +249,7 @@ public class PutSyslog extends AbstractSyslogProcessor {
} else {
// if an SSLContextService is provided then we make a secure sender
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
sender = new SSLSocketChannelSender(host, port, maxSendBufferSize, sslContext, getLogger());
} else {
sender = new SocketChannelSender(host, port, maxSendBufferSize, getLogger());
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
index de28fac..798fb5c 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
@@ -42,7 +42,7 @@ import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.put.AbstractPutEventProcessor;
import org.apache.nifi.processor.util.put.sender.ChannelSender;
import org.apache.nifi.processor.util.put.sender.SocketChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StopWatch;
@@ -115,7 +115,7 @@ public class PutTCP extends AbstractPutEventProcessor {
SSLContext sslContext = null;
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
return createSender(protocol, hostname, port, timeout, bufferSize, sslContext);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
index a01874d..58b6293 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
@@ -366,7 +366,7 @@ class TestGetHTTPGroovy extends GroovyTestCase {
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, KEYSTORE_TYPE)
runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, protocol)
runner.enableControllerService(sslContextService)
- def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.SslContextFactory.ClientAuth.NONE)
+ def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE)
logger.info("GetHTTP supported protocols: ${sslContext.protocol}")
logger.info("GetHTTP supported cipher suites: ${sslContext.supportedSSLParameters.cipherSuites}")
}
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
index 8b96bdc..7351943 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
@@ -330,7 +330,7 @@ class TestPostHTTPGroovy extends GroovyTestCase {
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, KEYSTORE_TYPE)
runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, protocol)
runner.enableControllerService(sslContextService)
- def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.SslContextFactory.ClientAuth.NONE)
+ def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE)
logger.info("PostHTTP supported protocols: ${sslContext.protocol}")
logger.info("PostHTTP supported cipher suites: ${sslContext.supportedSSLParameters.cipherSuites}")
}
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
index 93510ee..ece1a93 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
@@ -59,8 +59,9 @@ import org.apache.nifi.http.HttpContextMap;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processors.standard.util.HTTPUtils;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
@@ -105,7 +106,7 @@ public class ITestHandleHttpRequest {
return properties;
}
- private static SSLContext useSSLContextService(final TestRunner controller, final Map<String, String> sslProperties, SslContextFactory.ClientAuth clientAuth) {
+ private static SSLContext useSSLContextService(final TestRunner controller, final Map<String, String> sslProperties, ClientAuth clientAuth) {
final SSLContextService service = new StandardRestrictedSSLContextService();
try {
controller.addControllerService("ssl-service", service, sslProperties);
@@ -121,10 +122,10 @@ public class ITestHandleHttpRequest {
@Before
public void setUp() throws Exception {
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
}
@After
@@ -580,8 +581,8 @@ public class ITestHandleHttpRequest {
final Map<String, String> sslProperties = getServerKeystoreProperties();
sslProperties.putAll(getTruststoreProperties());
- sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- useSSLContextService(runner, sslProperties, twoWaySsl ? SslContextFactory.ClientAuth.REQUIRED : SslContextFactory.ClientAuth.NONE);
+ sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ useSSLContextService(runner, sslProperties, twoWaySsl ? ClientAuth.REQUIRED : ClientAuth.NONE);
final Thread httpThread = new Thread(new Runnable() {
@Override
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
index e2e9011..4fc8661 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
@@ -46,8 +46,8 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.remote.io.socket.NetworkUtils;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.ssl.SSLContextService;
@@ -106,10 +106,10 @@ public class TestListenHTTP {
runner.setVariable(PORT_VARIABLE, Integer.toString(availablePort));
runner.setVariable(BASEPATH_VARIABLE, HTTP_BASE_PATH);
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
}
@After
@@ -157,7 +157,7 @@ public class TestListenHTTP {
@Test
public void testSecurePOSTRequestsReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -170,7 +170,7 @@ public class TestListenHTTP {
@Test
public void testSecurePOSTRequestsReturnCodeReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -184,7 +184,7 @@ public class TestListenHTTP {
@Test
public void testSecurePOSTRequestsReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
@@ -197,7 +197,7 @@ public class TestListenHTTP {
@Test
public void testSecurePOSTRequestsReturnCodeReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -211,7 +211,7 @@ public class TestListenHTTP {
@Test
public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -224,7 +224,7 @@ public class TestListenHTTP {
@Test
public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -238,7 +238,7 @@ public class TestListenHTTP {
@Test
public void testSecureTwoWaySslPOSTRequestsReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
@@ -251,7 +251,7 @@ public class TestListenHTTP {
@Test
public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -265,7 +265,7 @@ public class TestListenHTTP {
@Test
public void testSecureInvalidSSLConfiguration() throws Exception {
SSLContextService sslContextService = configureInvalidProcessorSslContextService();
- runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
index f651f36..aa6f6ba 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
@@ -38,7 +38,7 @@ import org.apache.nifi.processors.standard.relp.response.RELPResponse;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventType;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.MockFlowFile;
@@ -226,7 +226,7 @@ public class TestListenRELP {
// create either a regular socket or ssl socket based on context being passed in
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
socket = sslContext.getSocketFactory().createSocket("localhost", realPort);
} else {
socket = new Socket("localhost", realPort);
@@ -283,7 +283,7 @@ public class TestListenRELP {
// Extend ListenRELP so we can use the CapturingSocketChannelResponseDispatcher
private static class ResponseCapturingListenRELP extends ListenRELP {
- private List<RELPResponse> responses = new ArrayList<>();
+ private final List<RELPResponse> responses = new ArrayList<>();
@Override
protected void respond(RELPEvent event, RELPResponse relpResponse) {
@@ -295,7 +295,7 @@ public class TestListenRELP {
// Extend ListenRELP to mock the ChannelDispatcher and allow us to return staged events
private static class MockListenRELP extends ListenRELP {
- private List<RELPEvent> mockEvents;
+ private final List<RELPEvent> mockEvents;
public MockListenRELP(List<RELPEvent> mockEvents) {
this.mockEvents = mockEvents;
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
index 428994b..c2bb828 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
@@ -26,7 +26,9 @@ import org.apache.commons.io.IOUtils;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.ssl.SSLContextService;
@@ -65,9 +67,9 @@ public class TestListenTCP {
runner = TestRunners.newTestRunner(proc);
runner.setProperty(ListenTCP.PORT, "0");
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
}
@@ -80,7 +82,7 @@ public class TestListenTCP {
runner.setProperty(ListenTCP.CLIENT_AUTH, "");
runner.assertNotValid();
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.assertValid();
}
@@ -127,7 +129,7 @@ public class TestListenTCP {
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
final List<String> messages = new ArrayList<>();
@@ -138,7 +140,7 @@ public class TestListenTCP {
messages.add("This is message 5\n");
// Make an SSLContext with a key and trust store to send the test messages
- final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration, SslContextFactory.ClientAuth.NONE);
+ final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration, ClientAuth.NONE);
runTCP(messages, messages.size(), clientSslContext);
@@ -151,7 +153,7 @@ public class TestListenTCP {
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
final List<String> messages = new ArrayList<>();
@@ -175,7 +177,7 @@ public class TestListenTCP {
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.NONE.name());
configureProcessorSslContextService();
final List<String> messages = new ArrayList<>();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
index 91707de..8af404c 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
@@ -30,7 +30,9 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.schema.access.SchemaAccessUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.serialization.RecordReaderFactory;
@@ -113,9 +115,9 @@ public class TestListenTCPRecord {
runner.setProperty(ListenTCPRecord.RECORD_READER, readerId);
runner.setProperty(ListenTCPRecord.RECORD_WRITER, writerId);
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
}
@@ -128,7 +130,7 @@ public class TestListenTCPRecord {
runner.setProperty(ListenTCPRecord.CLIENT_AUTH, "");
runner.assertNotValid();
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.assertValid();
}
@@ -171,7 +173,7 @@ public class TestListenTCPRecord {
@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
// Make an SSLContext with a key and trust store to send the test messages
@@ -192,7 +194,7 @@ public class TestListenTCPRecord {
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.setProperty(ListenTCPRecord.READ_TIMEOUT, "5 seconds");
configureProcessorSslContextService();
@@ -205,7 +207,7 @@ public class TestListenTCPRecord {
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.NONE.name());
configureProcessorSslContextService();
// Make an SSLContext that only has the trust store, this should work since the processor has client auth NONE
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
index de33da0..8be0bcb 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
@@ -26,8 +26,9 @@ import java.util.List;
import java.util.concurrent.ArrayBlockingQueue;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLContext;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
public class TCPTestServer implements Runnable {
@@ -54,9 +55,9 @@ public class TCPTestServer implements Runnable {
public synchronized void startServer(boolean ssl) throws Exception {
if (!isServerRunning()) {
if(ssl){
- TlsConfiguration tlsConfiguration = new TlsConfiguration("src/test/resources/keystore.jks","passwordpassword", null, "JKS", "src/test/resources/truststore.jks",
- "passwordpassword", "JKS", CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- final SSLContext sslCtx = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration("src/test/resources/keystore.jks","passwordpassword", null, "JKS", "src/test/resources/truststore.jks",
+ "passwordpassword", "JKS", TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ final SSLContext sslCtx = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
ServerSocketFactory sslSocketFactory = sslCtx.getServerSocketFactory();
serverSocket = sslSocketFactory.createServerSocket(0, 0, ipAddress);
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedMapCacheClientService.java b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedMapCacheClientService.java
index e31bb4b..31b2248 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedMapCacheClientService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedMapCacheClientService.java
@@ -43,7 +43,7 @@ import org.apache.nifi.distributed.cache.protocol.exception.HandshakeException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.remote.StandardVersionNegotiator;
import org.apache.nifi.remote.VersionNegotiator;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedSetCacheClientService.java b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedSetCacheClientService.java
index 997ece2..06d1a43 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedSetCacheClientService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-client-service/src/main/java/org/apache/nifi/distributed/cache/client/DistributedSetCacheClientService.java
@@ -39,7 +39,7 @@ import org.apache.nifi.distributed.cache.protocol.exception.HandshakeException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.remote.StandardVersionNegotiator;
import org.apache.nifi.remote.VersionNegotiator;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/DistributedSetCacheServer.java b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/DistributedSetCacheServer.java
index bde95c0..12ce267 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/DistributedSetCacheServer.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/DistributedSetCacheServer.java
@@ -21,7 +21,7 @@ import javax.net.ssl.SSLContext;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.controller.ConfigurationContext;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@Tags({"distributed", "set", "distinct", "cache", "server"})
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/map/DistributedMapCacheServer.java b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/map/DistributedMapCacheServer.java
index ee14b92..0627a55 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/map/DistributedMapCacheServer.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-distributed-cache-services-bundle/nifi-distributed-cache-server/src/main/java/org/apache/nifi/distributed/cache/server/map/DistributedMapCacheServer.java
@@ -26,7 +26,7 @@ import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.distributed.cache.server.CacheServer;
import org.apache.nifi.distributed.cache.server.DistributedCacheServer;
import org.apache.nifi.distributed.cache.server.EvictionPolicy;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@Tags({"distributed", "cluster", "map", "cache", "server", "key/value"})
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
index 80f9b59..c4e8abe 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
@@ -175,6 +175,11 @@
<version>1.12.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils</artifactId>
+ <version>1.12.1-SNAPSHOT</version>
+ </dependency>
</dependencies>
<build>
<plugins>
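Review bot: The added `nifi-security-utils` dependency carries no `<scope>` element, while the dependency that closes just above it in this hunk states `<scope>compile</scope>` explicitly. The commit message describes deliberate provided/compile scope handling for the split security modules, so writing `<scope>compile</scope>` here would make the intent visible and keep the file consistent. If the default scope is relied on on purpose, a one-line XML comment explaining why this module needs the implementation artifact rather than only the API would help the next reader.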
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
index dd67e04..0c234c4 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
@@ -18,6 +18,10 @@
package org.apache.nifi.oauth2;
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.SSLContext;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
@@ -30,17 +34,12 @@ import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.OkHttpClientUtils;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.util.StringUtils;
-import javax.net.ssl.SSLContext;
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
@Tags({"oauth2", "provider", "authorization" })
@CapabilityDescription("This controller service provides a way of working with access and refresh tokens via the " +
"password and client_credential grant flows in the OAuth2 specification. It is meant to provide a way for components " +
@@ -53,15 +52,15 @@ public class OAuth2TokenProviderImpl extends AbstractControllerService implement
private String resourceServerUrl;
private SSLContext sslContext;
- private SSLContextService sslContextService;
+ private SSLContextService sslService;
@OnEnabled
public void onEnabled(ConfigurationContext context) {
resourceServerUrl = context.getProperty(ACCESS_TOKEN_URL).evaluateAttributeExpressions().getValue();
- sslContextService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
+ sslService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
- sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ sslContext = sslService == null ? null : sslService.createSSLContext(ClientAuth.NONE);
}
@@ -90,8 +89,8 @@ public class OAuth2TokenProviderImpl extends AbstractControllerService implement
private OkHttpClient.Builder getClientBuilder() {
OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
- if (sslContextService != null) {
- final TlsConfiguration tlsConfiguration = sslContextService.createTlsConfiguration();
+ if (sslService != null) {
+ final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, clientBuilder);
}
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
index ed8382a..14d259f 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
@@ -17,12 +17,17 @@
package org.apache.nifi.ssl;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
* This class is functionally the same as {@link StandardSSLContextService}, but it restricts the allowable
@@ -42,7 +47,7 @@ public class StandardRestrictedSSLContextService extends StandardSSLContextServi
.displayName("TLS Protocol")
.defaultValue("TLS")
.required(false)
- .allowableValues(RestrictedSSLContextService.buildAlgorithmAllowableValues())
+ .allowableValues(buildAlgorithmAllowableValues())
.description(StandardSSLContextService.COMMON_TLS_PROTOCOL_DESCRIPTION +
"On Java 11, for example, TLSv1.3 will be the default, but if a client does not support it, TLSv1.2 will be offered as a fallback. TLSv1.0 and TLSv1.1 are not supported at all. ")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
@@ -73,4 +78,22 @@ public class StandardRestrictedSSLContextService extends StandardSSLContextServi
public String getSslAlgorithm() {
return configContext.getProperty(RESTRICTED_SSL_ALGORITHM).getValue();
}
+
+ /**
+ * Build a restricted set of allowable TLS protocol algorithms.
+ *
+ * @return the computed set of allowable values
+ */
+ static AllowableValue[] buildAlgorithmAllowableValues() {
+ final Set<String> supportedProtocols = new HashSet<>();
+
+ supportedProtocols.add("TLS");
+
+ /*
+ * Add specifically supported TLS versions
+ */
+ supportedProtocols.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
+
+ return SSLContextService.formAllowableValues(supportedProtocols);
+ }
}
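Review bot: The Javadoc on `buildAlgorithmAllowableValues()` calls the set "restricted" without saying what the restriction is, which is the part an operator choosing a protocol cares about. From the body, the generic `TLS` value is always added, followed by whatever `TlsConfiguration.getCurrentSupportedTlsProtocolVersions()` reports; I would say that in the Javadoc, for example `The result always contains the generic "TLS" value plus the versions TlsConfiguration reports as currently supported on this JVM.` What the generic `TLS` value negotiates at runtime is decided outside this hunk, so the doc should point to where that is enforced rather than restate it. As a smaller style point, the set could be built with `new HashSet<>(Arrays.asList(...))` and the block comment inside the method dropped.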
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
index 6e2878a..1f75fb4 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
@@ -40,6 +40,7 @@ import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.StringUtils;
@@ -229,13 +230,21 @@ public class StandardSSLContextService extends AbstractControllerService impleme
*/
@Override
public TlsConfiguration createTlsConfiguration() {
- return new TlsConfiguration(getKeyStoreFile(), getKeyStorePassword(),
+ return new StandardTlsConfiguration(getKeyStoreFile(), getKeyStorePassword(),
getKeyPassword(), getKeyStoreType(), getTrustStoreFile(),
getTrustStorePassword(), getTrustStoreType(), getSslAlgorithm());
}
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is preferred
+ * over the overloaded method which accepts the deprecated {@link ClientAuth} enum.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
@Override
- public SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException {
+ public SSLContext createSSLContext(final org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
try {
return SslContextFactory.createSslContext(createTlsConfiguration(), clientAuth);
} catch (TlsException e) {
@@ -244,6 +253,21 @@ public class StandardSSLContextService extends AbstractControllerService impleme
}
}
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is deprecated
+ * due to the use of the deprecated {@link ClientAuth} enum and the overloaded method
+ * ({@link #createSSLContext(org.apache.nifi.security.util.ClientAuth)}) is preferred.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ @Override
+ public SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException {
+ org.apache.nifi.security.util.ClientAuth resolvedClientAuth = org.apache.nifi.security.util.ClientAuth.valueOf(clientAuth.name());
+ return createSSLContext(resolvedClientAuth);
+ }
+
@Override
public String getTrustStoreFile() {
return configContext.getProperty(TRUSTSTORE).getValue();
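Review bot: The new `createSSLContext(final ClientAuth clientAuth)` overload is described as deprecated in its Javadoc but carries neither the `@Deprecated` annotation nor a `@deprecated` tag, so callers get no compiler warning steering them to the preferred method. I would add `@Deprecated` above `@Override` and a tag such as `@deprecated use {@link #createSSLContext(org.apache.nifi.security.util.ClientAuth)}`. The conversion `ClientAuth.valueOf(clientAuth.name())` also throws a bare NullPointerException for a null argument and an IllegalArgumentException if the two enums ever diverge in constant names; a guard like `Objects.requireNonNull(clientAuth, "clientAuth")` would at least make the first failure explicit, provided `java.util.Objects` is imported in the file, which is not visible from this hunk.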
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
index 51e293e..01f86e3 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
@@ -19,7 +19,7 @@ package org.apache.nifi.ssl
import org.apache.nifi.components.ValidationContext
import org.apache.nifi.components.ValidationResult
import org.apache.nifi.components.Validator
-import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.state.MockStateManager
import org.apache.nifi.util.MockProcessContext
import org.apache.nifi.util.MockValidationContext
@@ -176,7 +176,7 @@ class StandardSSLContextServiceTest {
runner.assertValid(sslContextService)
// Act
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE)
// Assert
assert sslContext
@@ -198,7 +198,7 @@ class StandardSSLContextServiceTest {
runner.assertValid(sslContextService)
// Act
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE)
// Assert
assert sslContext
@@ -258,4 +258,32 @@ class StandardSSLContextServiceTest {
// If the EL was evaluated, the path would be valid
assert !vr.isValid()
}
+
+ /**
+ * This test ensures that the deprecated ClientAuth enum is correctly mapped to the canonical enum.
+ */
+ @Test
+ void testShouldTranslateValidDeprecatedClientAuths() {
+ // Arrange
+ TestRunner runner = TestRunners.newTestRunner(TestProcessor.class)
+ String controllerServiceId = "ssl-context"
+ final SSLContextService sslContextService = new StandardSSLContextService()
+ runner.addControllerService(controllerServiceId, sslContextService)
+ runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, NO_PASSWORD_TRUSTSTORE_PATH)
+ runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, TRUSTSTORE_TYPE)
+ runner.enableControllerService(sslContextService)
+ runner.assertValid(sslContextService)
+
+ // Act
+ Map<SSLContextService.ClientAuth, SSLContext> sslContexts = SSLContextService.ClientAuth.values().collectEntries { ca ->
+ [ca, sslContextService.createSSLContext(ca)]
+ }
+
+ // Assert
+ assert sslContexts.size() == ClientAuth.values().size()
+ sslContexts.every { clientAuth, sslContext ->
+ assert ClientAuth.isValidClientAuthType(clientAuth.name())
+ assert sslContext
+ }
+ }
}
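Review bot: In `testShouldTranslateValidDeprecatedClientAuths` the assertions sit inside `sslContexts.every { ... }`, and the closure ends on an `assert` statement, which as far as I can tell evaluates to null in Groovy; `every` stops at the first falsy result, so probably only the first map entry is checked. Iterating with `sslContexts.each { clientAuth, sslContext ->` runs both asserts for every deprecated constant. The test would also be stronger if it compared the constant names of the two enums directly, since `ClientAuth.isValidClientAuthType(clientAuth.name())` only shows that a name is accepted, not that the two sets match one to one.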
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
index aced8d7..61eaa0e 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
@@ -25,7 +25,7 @@ import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.nifi.components.AllowableValue;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.junit.Test;
public class RestrictedSSLContextServiceTest {
@@ -34,9 +34,9 @@ public class RestrictedSSLContextServiceTest {
public void testTLSAlgorithms() {
final Set<String> expected = new HashSet<>();
expected.add("TLS");
- expected.addAll(Arrays.asList(CertificateUtils.getCurrentSupportedTlsProtocolVersions()));
+ expected.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
- final AllowableValue[] allowableValues = RestrictedSSLContextService.buildAlgorithmAllowableValues();
+ final AllowableValue[] allowableValues = StandardRestrictedSSLContextService.buildAlgorithmAllowableValues();
assertThat(allowableValues, notNullValue());
assertThat(allowableValues.length, equalTo(expected.size()));
for(final AllowableValue value : allowableValues) {
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
index e654b8a..5f944ba 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
@@ -38,7 +38,7 @@ import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.util.MockProcessContext;
import org.apache.nifi.util.MockValidationContext;
import org.apache.nifi.util.TestRunner;
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
index 2d6bde6..a6f45bd 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
@@ -28,7 +28,7 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
- <artifactId>nifi-security-utils</artifactId>
+ <artifactId>nifi-security-utils-api</artifactId>
<version>1.12.1-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
index 2544a71..05fd136 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
@@ -16,50 +16,10 @@
*/
package org.apache.nifi.ssl;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import org.apache.nifi.components.AllowableValue;
-import org.apache.nifi.security.util.CertificateUtils;
-
/**
* Simple extension of the regular {@link SSLContextService} to allow for restricted implementations
* of that interface.
*/
public interface RestrictedSSLContextService extends SSLContextService {
- /**
- * Build a restricted set of allowable TLS protocol algorithms.
- *
- * @return the computed set of allowable values
- */
- static AllowableValue[] buildAlgorithmAllowableValues() {
- final Set<String> supportedProtocols = new HashSet<>();
-
- /*
- * Prepopulate protocols with generic instance types commonly used
- * see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
- */
- supportedProtocols.add("TLS");
-
- /*
- * Add specifically supported TLS versions
- */
- supportedProtocols.addAll(Arrays.asList(CertificateUtils.getCurrentSupportedTlsProtocolVersions()));
-
- final int numProtocols = supportedProtocols.size();
-
- // Sort for consistent presentation in configuration views
- final List<String> supportedProtocolList = new ArrayList<>(supportedProtocols);
- Collections.sort(supportedProtocolList);
-
- final List<AllowableValue> protocolAllowableValues = new ArrayList<>();
- for (final String protocol : supportedProtocolList) {
- protocolAllowableValues.add(new AllowableValue(protocol));
- }
- return protocolAllowableValues.toArray(new AllowableValue[numProtocols]);
- }
}
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
index 27e7d93..800625f 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
@@ -29,7 +29,6 @@ import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
/**
@@ -41,10 +40,42 @@ import org.apache.nifi.security.util.TlsConfiguration;
+ "that configuration throughout the application")
public interface SSLContextService extends ControllerService {
- // May need to back out if NAR-specific API can't be modified in minor release
TlsConfiguration createTlsConfiguration();
- SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException;
+ /**
+ * This enum was removed in 1.12.0 but external custom code has been compiled against it, so it is returned
+ * in 1.12.1. This enum should no longer be used and any dependent code should now reference
+ * ClientAuth moving forward. This enum may be removed in a future release.
+ *
+ */
+ @Deprecated
+ enum ClientAuth {
+ WANT,
+ REQUIRED,
+ NONE
+ }
+
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is preferred
+ * over the overloaded method which accepts the deprecated {@link ClientAuth} enum.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ SSLContext createSSLContext(final org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException;
+
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is deprecated
+ * due to the use of the deprecated {@link ClientAuth} enum and the overloaded method
+ * ({@link #createSSLContext(org.apache.nifi.security.util.ClientAuth)}) is preferred.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ @Deprecated
+ SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException;
String getTrustStoreFile();
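Review bot: The deprecated overload `createSSLContext(final ClientAuth clientAuth)` is declared abstract, so each implementation has to write its own translation from the deprecated enum to `org.apache.nifi.security.util.ClientAuth`, and an implementation built without it would presumably have no body to run. A `default` method would keep the mapping in one place and make an unmapped constant fail with an exception rather than fall back to a weaker client-authentication level: `default SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException { return createSSLContext(org.apache.nifi.security.util.ClientAuth.valueOf(clientAuth.name())); }`. This assumes the constant names match in both enums, which the accompanying test suggests but this hunk does not show. The enum's Javadoc says to "reference ClientAuth", which is ambiguous inside this interface; a tag such as `@deprecated use {@link org.apache.nifi.security.util.ClientAuth} instead` would name the replacement unambiguously.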
@@ -90,16 +121,27 @@ public interface SSLContextService extends ControllerService {
// ignored as default is used
}
- final int numProtocols = supportedProtocols.size();
+ return formAllowableValues(supportedProtocols);
+ }
+
+ /**
+ * Returns an array of {@link AllowableValue} objects formed from the provided
+ * set of Strings. The returned array is sorted for consistency in display order.
+ *
+ * @param rawValues the set of string values
+ * @return an array of AllowableValues
+ */
+ static AllowableValue[] formAllowableValues(Set<String> rawValues) {
+ final int numProtocols = rawValues.size();
// Sort for consistent presentation in configuration views
- final List<String> supportedProtocolList = new ArrayList<>(supportedProtocols);
- Collections.sort(supportedProtocolList);
+ final List<String> valueList = new ArrayList<>(rawValues);
+ Collections.sort(valueList);
- final List<AllowableValue> protocolAllowableValues = new ArrayList<>();
- for (final String protocol : supportedProtocolList) {
- protocolAllowableValues.add(new AllowableValue(protocol));
+ final List<AllowableValue> allowableValues = new ArrayList<>();
+ for (final String protocol : valueList) {
+ allowableValues.add(new AllowableValue(protocol));
}
- return protocolAllowableValues.toArray(new AllowableValue[numProtocols]);
+ return allowableValues.toArray(new AllowableValue[numProtocols]);
}
}
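Review bot: The extracted `formAllowableValues(Set<String> rawValues)` keeps the protocol-specific names `numProtocols` and `protocol` although it is now a general helper. As a `static` method on a public interface it is also callable API, yet its Javadoc does not say what happens for a `null` set, where the `rawValues.size()` call would throw. Renaming to `final int numValues = rawValues.size();` and `for (final String value : valueList)`, and documenting `@param rawValues the set of string values, must not be null`, would match the new purpose. The method that calls it begins outside this hunk.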
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
index 78b8de9..ddf7129 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
@@ -39,6 +39,11 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
<artifactId>nifi-distributed-cache-client-service-api</artifactId>
<scope>compile</scope>
</dependency>
diff --git a/nifi-nar-bundles/pom.xml b/nifi-nar-bundles/pom.xml
index d95b6f0..84b9ccb 100755
--- a/nifi-nar-bundles/pom.xml
+++ b/nifi-nar-bundles/pom.xml
@@ -200,6 +200,12 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-security-utils-api</artifactId>
+ <version>1.13.0-SNAPSHOT</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
<artifactId>nifi-load-distribution-service-api</artifactId>
<version>1.12.1-SNAPSHOT</version>
<scope>provided</scope>
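Review bot: The managed entry added for `nifi-security-utils-api` pins `<version>1.13.0-SNAPSHOT</version>`, while the neighbouring `nifi-load-distribution-service-api` entry in this hunk and the `nifi-ssl-context-service-api` pom in this commit both use `1.12.1-SNAPSHOT`. On the support/nifi-1.12.x branch this looks like a leftover from the main-line change. Child modules that inherit the managed version would then either fail to resolve the artifact or pull a snapshot of the security API from a different release line than the rest of the build. Unless the mismatch is intentional, the line should read `<version>1.12.1-SNAPSHOT</version>`.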
diff --git a/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java b/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
index fcf1501..ee25506 100644
--- a/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
+++ b/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
@@ -29,14 +29,14 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.nifi.registry.security.util.KeyStoreUtils;
import org.apache.nifi.registry.security.util.KeystoreType;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
* Configuration for a NiFiClient.
*/
public class NiFiClientConfig {
- public static final String DEFAULT_PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ public static final String DEFAULT_PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
private final String baseUrl;
private final SSLContext sslContext;
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
index 563c054..e58ab2e 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
@@ -39,6 +39,7 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityRequest;
import org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse;
@@ -99,7 +100,7 @@ public class TlsCertificateSigningRequestPerformer {
HttpClientBuilder httpClientBuilder = httpClientBuilderSupplier.get();
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
- sslContextBuilder.useProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextBuilder.useProtocol(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
// We will be validating that we are talking to the correct host once we get the response's hmac of the token and public key of the ca
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
index d95ae8e..bb44077 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
@@ -25,7 +25,7 @@ import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
import org.apache.nifi.toolkit.tls.manager.writer.JsonConfigurationWriter;
@@ -63,7 +63,7 @@ public class TlsCertificateAuthorityService {
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
- sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextFactory.setIncludeProtocols(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keyPassword);
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
index dc5b8fd..4ce1eb2 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
@@ -20,8 +20,8 @@ import java.net.URI;
import java.net.URISyntaxException;
import javax.net.ssl.SSLContext;
import org.apache.commons.cli.CommandLine;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
@@ -45,7 +45,7 @@ public class TlsToolkitGetStatusCommandLine extends BaseCommandLine {
public static final String TRUSTSTORE_PASSWORD_ARG = "trustStorePassword";
public static final String PROTOCOL_ARG = "protocol";
- public static final String DEFAULT_PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ public static final String DEFAULT_PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
public static final String DESCRIPTION = "Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.";
@@ -120,7 +120,7 @@ public class TlsToolkitGetStatusCommandLine extends BaseCommandLine {
}
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystoreFilename, keystorePassword, keyPassword, keystoreTypeStr,
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystoreFilename, keystorePassword, keyPassword, keystoreTypeStr,
truststoreFilename, truststorePassword, truststoreTypeStr, protocol);
if (tlsConfiguration.isAnyTruststorePopulated()) {